Deploying Microsoft Exchange

This tutorial describes how to deploy Microsoft Exchange servers in Yandex Cloud. You will install two Microsoft Exchange mail servers, two Active Directory servers, and two Edge Transport servers in ru-central1-a and ru-central1-b availability zones. A network load balancer will distribute load across the servers. To manage the servers, you will use a separate VM with internet access hosted in the ru-central1-d availability zone.

1. Prepare your cloud.
2. Create a cloud network and subnets.
3. Create a script to manage a local administrator account.
4. Create a VM for Active Directory.
5. Create a VM for File Share Witness.
6. Install and configure Active Directory.
7. Configure the second domain controller.
8. Install Microsoft Exchange.
9. Create Microsoft Exchange servers.
10. Create a database availability group.
11. Configure Client Access.
12. Configure the network load balancer.
13. Configure Accepted Domains and Email Address Policy.
14. Create and configure a VM for Edge Transport servers
15. Configure Edge Transport servers.
16. Add Edge Transport servers to Exchange.

If you no longer need the resources you created, delete them.

Prepare your cloudPrepare your cloud

Sign up for Yandex Cloud and create a billing account:

1. Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.

If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Required paid resourcesRequired paid resources

The cost of a Microsoft Exchange installation includes:

• Fee for continuously running virtual machines (see Yandex Compute Cloud pricing).
• Fee for load balancing (see Yandex Network Load Balancer pricing).
• Fee for using dynamic or static public IP addresses (see Yandex Virtual Private Cloud pricing).
• Fee for outbound traffic from Yandex Cloud to the internet (see Yandex Compute Cloud pricing).

Create a cloud network and subnetsCreate a cloud network and subnets

Create a cloud network named exchange-network with subnets in all availability zones where your VMs will be located.

1. Create a cloud network:

   Management console

   CLI

   To create a cloud network:

   1. Open the Virtual Private Cloud section of the folder where you want to create a cloud network.
   2. Click Create network.
   3. Enter the network name: exchange-network.
   4. Click Create network.

   To create a cloud network, run the command:

   yc vpc network create --name exchange-network
   

2. Create three subnets in exchange-network:

   Management console

   CLI

   To create a subnet:

   1. Open the Virtual Private Cloud section in the folder to create a subnet in.
   2. Click the name of the cloud network.
   3. Click Add subnet.
   4. Fill out the form: enter exchange-subnet-a as the subnet name and select the ru-central1-a availability zone from the drop-down list.
   5. Enter the subnet CIDR: IP address and subnet mask: 10.1.0.0/16. For more information about subnet IP address ranges, see Cloud networks and subnets.
   6. Click Create subnet.

   Repeat these steps for two more subnets, exchange-subnet-b and exchange-subnet-d, in the ru-central1-b and ru-central1-d availability zones with the 10.2.0.0/16 and 10.3.0.0/16 CIDR, respectively.

   To create subnets, run the following commands:

   yc vpc subnet create \
     --name exchange-subnet-a \
     --zone ru-central1-a \
     --network-name exchange-network \
     --range 10.1.0.0/16
   
   yc vpc subnet create \
     --name exchange-subnet-b \
     --zone ru-central1-b \
     --network-name exchange-network \
     --range 10.2.0.0/16
   
   yc vpc subnet create \
     --name exchange-subnet-d \
     --zone ru-central1-d \
     --network-name exchange-network \
     --range 10.3.0.0/16
   

Create a script to manage a local administrator accountCreate a script to manage a local administrator account

Create a file named setpass with a script that will set a password for the local administrator account when you create VMs via the CLI:

#ps1
Get-LocalUser | Where-Object SID -like *-500 | Set-LocalUser -Password (ConvertTo-SecureString "<your_password>" -AsPlainText -Force)

The password must meet the complexity requirements.

You can read more about the best practices for securing Active Directory on the MS official website.

Create a VM for Active DirectoryCreate a VM for Active Directory

Create two virtual machines for Active Directory. These VMs will not have internet access.

yc compute instance create \
  --name ad-vm-a \
  --hostname ad-vm-a \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-a \
  --network-interface subnet-name=exchange-subnet-a,ipv4-address=10.1.0.3 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

yc compute instance create \
  --name ad-vm-b \
  --hostname ad-vm-b \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-b \
  --network-interface subnet-name=exchange-subnet-b,ipv4-address=10.2.0.3 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Create a VM for File Share WitnessCreate a VM for File Share Witness

A file server with internet access is used to configure VMs with Active Directory.

yc compute instance create \
  --name fsw-vm \
  --hostname fsw-vm \
  --memory 4 \
  --cores 2 \
  --zone ru-central1-d \
  --network-interface subnet-name=exchange-subnet-d,nat-ip-version=ipv4 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Install and configure Active DirectoryInstall and configure Active Directory

Active Directory VMs do not have internet access. To configure them, use the fsw-vm VM through RDP.

1. Connect to fsw-vm through RDP. Use Administrator for username, and your password.

2. On fsw-vm, run RDP and connect to ad-vm-a. Use Administrator for username, and your password.

3. On ad-vm-a, run PowerShell and set a static address:

   netsh interface ip set address "eth0" static 10.1.0.3 255.255.255.0 10.1.0.1
   

4. Create a temporary folder:

   mkdir C:\Windows\temp
   

5. Assign Active Directory roles:

   Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
   

   Result:

   Success Restart Needed Exit Code      Feature Result
   ------- -------------- ---------      --------------
   True    No             Success        {Active Directory Domain Services, Group P...
   

6. Create an Active Directory forest:

   Install-ADDSForest -DomainName 'yantoso.net' -Force:$true
   

   Windows will restart automatically. After it restarts, connect to ad-vm-a using the yantoso\Administrator account and your password. Relaunch PowerShell.

7. Rename the default site to ru-central1-a:

   Get-ADReplicationSite 'Default-First-Site-Name' | Rename-ADObject -NewName 'ru-central1-a'
   

8. Create two more sites for the other availability zones:

   New-ADReplicationSite 'ru-central1-b'
   New-ADReplicationSite 'ru-central1-d'
   

9. Create subnets and link them to the sites:

   New-ADReplicationSubnet -Name '10.1.0.0/16' -Site 'ru-central1-a'
   New-ADReplicationSubnet -Name '10.2.0.0/16' -Site 'ru-central1-b'
   New-ADReplicationSubnet -Name '10.3.0.0/16' -Site 'ru-central1-d'
   

10. Rename the site link and configure replication:

    Get-ADReplicationSiteLink 'DEFAULTIPSITELINK' | `
        Set-ADReplicationSiteLink -SitesIncluded @{Add='ru-central1-b'} -ReplicationFrequencyInMinutes 15 -PassThru | `
        Set-ADObject -Replace @{options = $($_.options -bor 1)} -PassThru | `
        Rename-ADObject -NewName 'ru-central1'
    

11. Set the DNS redirect server:

    Set-DnsServerForwarder '10.1.0.2'
    

12. Configure the DNS client:

    Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.2.0.3,127.0.0.1"
    

Configure the second domain controllerConfigure the second domain controller

1. Connect to fsw-vm through RDP. Use Administrator for username, and your password.

2. On fsw-vm, run RDP and connect to ad-vm-b. Use Administrator for username, and your password.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Assign Active Directory roles:

   Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
   

   Result:

   Success Restart Needed Exit Code      Feature Result
   ------- -------------- ---------      --------------
   True    No             Success        {Active Directory Domain Services, Group P...
   

5. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,127.0.0.1"
   

6. Configure a static IP address:

   netsh interface ip set address "eth0" static 10.2.0.3 255.255.255.0 10.2.0.1
   

7. Add the controller to the domain:

   Install-ADDSDomainController `
       -Credential (Get-Credential "yantoso\Administrator") `
       -DomainName 'yantoso.net' `
       -Force:$true
   

   Windows will restart automatically. After it restarts, connect to ad-vm-b using the yantoso\Administrator account and your password. Relaunch PowerShell.

8. Set the DNS redirect server:

   Set-DnsServerForwarder '10.2.0.2'
   

Install Microsoft ExchangeInstall Microsoft Exchange

1. Connect to fsw-vm using RDP and run PowerShell.

2. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,10.2.0.3"
   

3. Add the server to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   Windows will restart automatically. After it restarts, connect to fsw-vm using the yantoso\Administrator account and your password. Relaunch PowerShell.

4. Create the distrib folder:

   mkdir c:\distrib
   

5. Download the Exchange Server distribution and required dependencies:

   1. .NET Framework 4.7.2.
   2. Visual C++ Redistributable Package for Visual Studio 2012. Rename the downloaded file to vcredist_x64_2012.exe.
   3. Visual C++ Redistributable Package for Visual Studio 2013. Rename the downloaded file to vcredist_x64_2013.exe.
   4. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.

   Place the distributions in the C:\distrib directory.

6. Grant shared access from the domain to the directory with distributions:

   New-SmbShare -ReadAccess 'yantoso\domain users' -Path 'c:\distrib' -Name 'distrib'
   

Create Microsoft Exchange serversCreate Microsoft Exchange servers

Create the first Exchange serverCreate the first Exchange server

1. Create a VM named vm-exchange-a:

   Management console

   CLI

   1. On the folder page in the management console, click Create resource and select Virtual machine instance.

   2. Under Boot disk image:

      • Go to the Custom tab.
      • Click Select and select Create new in the window that opens.
      • In the Contents field, select Image and then select the Windows Server 2016 Datacenter image from the list below. For more information on how to upload your own image for Microsoft products, see the Importing required image section.
      • (Optional) In the Additional field, enable Delete along with the virtual machine if you need to automatically delete this disk when deleting the VM.
      • Click Add disk.

   3. Under Location, select the ru-central1-a availability zone.

   4. Under Disks and file storages:

      • Set the boot disk size: 100 GB.
      • Click Add and add another 250 GB SSD named db-a.

   5. Under Computing resources, navigate to the Custom tab and specify the required platform, number of vCPUs, and amount of RAM:

      • Platform: Intel Ice Lake.
      • vCPU: 8.
      • Guaranteed vCPU performance: 100%.
      • RAM: 32 GB.

   6. Under Network settings, specify:

      • Subnet: exchange-subnet-a.
      • Public IP: No address.

   7. Under General information, specify the VM name: vm-exchange-a.

   8. Click Create VM.

   Wait for the VM status to change to Running and reset the password:

   1. Select the VM.
   2. Click Reset password.
   3. Specify the Username to reset the password for. If there is no user with that name on the VM, this user will be created with administrator access.
   4. Click Generate password.
   5. Save the New password. It will become unavailable once you close the window.

   yc compute instance create \
     --name vm-exchange-a \
     --hostname vm-exchange-a \
     --memory 32 \
     --cores 8 \
     --zone ru-central1-a \
     --network-interface subnet-name=exchange-subnet-a \
     --create-boot-disk size=100,image-folder-id=standard-images,image-family=windows-2016-gvlk \
     --create-disk type=network-ssd,size=250,auto-delete=false \
     --metadata-from-file user-data=setpass
   

2. Connect to fsw-vm through RDP.

3. On fsw-vm, run RDP and connect to vm-exchange-a. Use Administrator for username, and your password. Launch PowerShell.

4. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3"
   

5. Add vm-exchange-a to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   After it restarts, log in to the VM with the yantoso\Administrator account and your password. Relaunch PowerShell.

6. Install the downloaded dependencies in the following order:

   1. & \\fsw-vm\distrib\vcredist_x64_2012.exe /install /passive /norestart
   2. & \\fsw-vm\distrib\vcredist_x64_2013.exe /install /passive /norestart
   3. & \\fsw-vm\distrib\UcmaRuntimeSetup.exe /install /passive /norestart
   4. & \\fsw-vm\distrib\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart

7. Restart the VM: Restart-Computer -Force.

   After it restarts, log in to the VM with the yantoso\Administrator account and your password. Relaunch PowerShell.

8. Install Exchange Mailbox Server on vm-exchange-a. Mount the distribution image from the shared folder with distributions:

   Mount-DiskImage \\fsw-vm\distrib\ExchangeServer2016-x64-cu13.iso
   

9. Install Exchange Mailbox Server:

   & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:Mailbox /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
   Restart-Computer -Force
   

   When the installation is complete, the VM restarts automatically.

Create the second Exchange serverCreate the second Exchange server

1. Create a VM named vm-exchange-b:

   Management console

   CLI

   1. On the folder page in the management console, click Create resource and select Virtual machine instance.

   2. Under Boot disk image:

      • Go to the Custom tab.
      • Click Select and select Create new in the window that opens.
      • In the Contents field, select Image and then select the Windows Server 2016 Datacenter image from the list below. For more information on how to upload your own image for Microsoft products, see the Importing required image section.
      • (Optional) In the Additional field, enable Delete along with the virtual machine if you need to automatically delete this disk when deleting the VM.
      • Click Add disk.

   3. Under Location, select the ru-central1-b availability zone.

   4. Under Disks and file storages:

      • Set the boot disk size: 100 GB.
      • Click Add and add another 250 GB SSD named db-b.

   5. Under Computing resources, navigate to the Custom tab and specify the required platform, number of vCPUs, and amount of RAM:

      • Platform: Intel Ice Lake.
      • vCPU: 8.
      • Guaranteed vCPU performance: 100%.
      • RAM: 32 GB.

   6. Under Network settings, specify:

      • Subnet: exchange-subnet-b.
      • Public IP: No address.

   7. Under General information, specify the VM name: vm-exchange-b.

   8. Click Create VM.

   Wait for the VM status to change to Running and reset the password:

   1. Select the VM.
   2. Click Reset password.
   3. Specify the Username to reset the password for. If there is no user with that name on the VM, this user will be created with administrator access.
   4. Click Generate password.
   5. Save the New password. It will become unavailable once you close the window.

   yc compute instance create \
     --name vm-exchange-b \
     --hostname vm-exchange-b \
     --memory 32 \
     --cores 8 \
     --zone ru-central1-b \
     --network-interface subnet-name=exchange-subnet-b \
     --create-boot-disk size=100,image-folder-id=standard-images,image-family=windows-2016-gvlk \
     --create-disk type=network-ssd,size=250,auto-delete=false \
     --metadata-from-file user-data=setpass
   

2. Connect to fsw-vm through RDP.

3. On fsw-vm, run RDP and connect to vm-exchange-b. Use Administrator for username, and your password. Launch PowerShell.

4. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3"
   

5. Add vm-exchange-a to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   After it restarts, log in to the VM with the yantoso\Administrator account and your password. Relaunch PowerShell.

6. Install the downloaded dependencies in the following order:

   1. & \\fsw-vm\distrib\vcredist_x64_2012.exe /install /passive /norestart
   2. & \\fsw-vm\distrib\vcredist_x64_2013.exe /install /passive /norestart
   3. & \\fsw-vm\distrib\UcmaRuntimeSetup.exe /install /passive /norestart
   4. & \\fsw-vm\distrib\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart

7. Restart the VM: Restart-Computer -Force.

   After it restarts, log in to the VM with the yantoso\Administrator account and your password. Relaunch PowerShell.

8. Install Exchange Mailbox Server on vm-exchange-b. Mount the distribution image from the shared folder with distributions:

   Mount-DiskImage \\fsw-vm\distrib\ExchangeServer2016-x64-cu13.iso
   

9. Install Exchange Mailbox Server:

   & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:Mailbox /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
   Restart-Computer -Force
   

   When the installation is complete, the VM restarts automatically.

Create a database availability groupCreate a database availability group

A database availability group ensures fault tolerance for mail servers via DB replication and automatic DB failover in the event of a crash.

1. Connect to fsw-vm through RDP.

2. Grant the yantoso\Exchange Trusted Subsystem group administrator permissions for fsw-vm:

   Add-LocalGroupMember -Group 'Administrators' -Member 'yantoso\Exchange Trusted Subsystem'
   

Create disks for VM databasesCreate disks for VM databases

1. On fsw-vm, run RDP and connect to vm-exchange-a. Use yantoso\Administrator for username, and your password.

2. Create an additional disk and format it:

   Get-Disk | `
       Where-Object PartitionStyle -eq raw | `
       Initialize-Disk -PartitionStyle GPT -PassThru | `
       New-Partition -DriveLetter 'Z' -UseMaximumSize | `
       Format-Volume -FileSystem NTFS -NewFileSystemLabel "mdb" -Confirm:$false -AllocationUnitSize 65536
   

3. Install the Failover-Clustering role:

   Install-WindowsFeature -Name 'Failover-Clustering' -IncludeManagementTools
   

Repeat these commands for vm-exchange-b.

Configure the database availability groupConfigure the database availability group

1. On fsw-vm, run RDP and connect to vm-exchange-a using RDP. Use yantoso\Administrator for username, and your password.

2. Run the Exchange Management Shell.

3. Create a database availability group:

   New-DatabaseAvailabilityGroup `
       -Name ycdag `
       -WitnessServer fsw-vm `
       -DatabaseAvailabilityGroupIpAddresses 255.255.255.255
   

4. Add the vm-exchange-a and vm-exchange-b servers to the DAG:

   Add-DatabaseAvailabilityGroupServer -Identity ycdag -MailboxServer vm-exchange-a
   Add-DatabaseAvailabilityGroupServer -Identity ycdag -MailboxServer vm-exchange-b
   

5. Check the status of the servers. Both should be in the Operational Servers column:

   Get-DatabaseAvailabilityGroup -Status
   

   Result:

   Name             Member Servers                                      Operational Servers
   ----             --------------                                      -------------------
   ycdag            {VM-EXCHANGE-A, VM-EXCHANGE-B}                    {VM-EXCHANGE-A, VM-EXCHANGE-B}
   

6. Create a mail server database:

   New-MailboxDatabase -Name yamdb -EdbFilePath 'Z:\MDB\yamdb\yamdb.edb' -LogFolderPath 'Z:\MDB\yamdb\log' -Server vm-exchange-a
   

7. Mount the database:

   Mount-Database yamdb
   

8. Create a copy of the database on the second server:

   Add-MailboxDatabaseCopy -Identity yamdb -MailboxServer vm-exchange-b -SeedingPostponed
   Update-MailboxDatabasecopy yamdb\vm-exchange-b –CatalogOnly
   

9. Check the DB status:

   Get-MailboxDatabaseCopyStatus -Server vm-exchange-a
   Get-MailboxDatabaseCopyStatus -Server vm-exchange-b
   

Configure Client AccessConfigure Client Access

To work with various client applications, you need to create virtual directories.

1. Set the mail domain:

   $MailDomain = "mail.yantoso.net"
   

2. ECP:

   Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -ExternalUrl "https://$MailDomain/ecp"
   

3. EWS:

   Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl "https://$MailDomain/ews/exchange.asmx"
   

4. Active Sync:

   Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl "https://$MailDomain/Microsoft-Server-ActiveSync"
   

5. OAB:

   Get-OabVirtualDirectory | Set-OabVirtualDirectory -ExternalUrl "https://$MailDomain/OAB"
   

6. OWA:

   Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -ExternalUrl "https://$MailDomain/owa"
   

7. PowerShell:

   Get-PowerShellVirtualDirectory | Set-PowerShellVirtualDirectory -ExternalUrl "https://$MailDomain/powershell"
   

8. MAPI:

   Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -ExternalUrl "https://$MailDomain/mapi"
   

Configure the network load balancerConfigure the network load balancer

It distributes the load across Exchange servers in different availability zones.

Configure Accepted Domains and Email Address PolicyConfigure Accepted Domains and Email Address Policy

A domain is created by default. If you need to change the domain, use the command:

New-AcceptedDomain -Name yantoso.net -DomainName yantoso.net

Edit the Email Address Policy:

Get-EmailAddressPolicy | Set-EmailAddressPolicy -EnabledPrimarySMTPAddressTemplate '@yantoso.net'

All new mailboxes will automatically get an alias with the @yantoso.net domain.

Create a VM for Edge Transport serversCreate a VM for Edge Transport servers

Edge Transport servers handle the main user load: accept emails from the internet, filter out spam, and forward messages to the internal Exchange mail servers.

Create a VM for the vm-edge-a serverCreate a VM for the vm-edge-a server

Create a VM named vm-edge-a:

yc compute instance create \
  --name vm-edge-a \
  --hostname vm-edge-a \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-a \
  --network-interface subnet-name=exchange-subnet-a,nat-ip-version=ipv4 \
  --create-boot-disk size=50,image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Create a VM for the vm-edge-b serverCreate a VM for the vm-edge-b server

Create a VM named vm-edge-b:

yc compute instance create \
  --name vm-edge-b \
  --hostname vm-edge-b \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-b \
  --network-interface subnet-name=exchange-subnet-b,nat-ip-version=ipv4 \
  --create-boot-disk size=50,image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Configure Edge Transport serversConfigure Edge Transport servers

Configure the Edge Transport server in the ru-central1-a zoneConfigure the Edge Transport server in the ru-central1-a zone

1. Connect to fsw-vm through RDP.

2. Connect to vm-edge-a through RDP. Use Administrator for username, and your password. Launch PowerShell.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Install ADLDS roles on the server:

   Install-WindowsFeature ADLDS
   

5. Configure the DNS client:

   Get-NetAdapter | `
       Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,10.2.0.3"
   

6. Configure remote access to the distribution folder located on the fsw-vm server:

   $Credential = Get-Credential # Username: yantoso\Administrator
   
   New-PSDrive -Name 'fsw-vm' -PSProvider:FileSystem -Root '\\fsw-vm.ru-central1.internal\distrib' -Credential $Credential
   

   Enter the yantoso\Administrator username and your password.

7. Install the dependencies:

   & fsw-vm:\vcredist_x64_2012.exe /install /passive /norestart
   & fsw-vm:\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart
   

8. Copy the Microsoft Exchange distribution to the vm-edge-a server:

   copy-item fsw-vm:\ExchangeServer2016-x64-cu13.iso c:\windows\temp\ExchangeServer2016-x64-cu13.iso
   

9. Specify the primary DNS suffix:

   $Suffix = 'ru-central1.internal'
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name Domain -Value $Suffix
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name 'NV Domain' -Value $Suffix
   

10. Restart the VM:

    Restart-Computer -Force
    

    Reconnect to vm-edge-a via RDP and run PowerShell.

11. Mount the Exchange Server distribution:

    Mount-DiskImage c:\windows\temp\ExchangeServer2016-x64-cu13.iso
    

12. Install Edge Transport Server on the vm-edge-a server:

    & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:EdgeTransport /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
    

Configure the Edge Transport server in the ru-central1-b zoneConfigure the Edge Transport server in the ru-central1-b zone

1. Connect to fsw-vm through RDP.

2. Connect to vm-edge-b through RDP. Use Administrator for username, and your password. Launch PowerShell.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Install ADLDS roles on the server:

   Install-WindowsFeature ADLDS
   

5. Configure the DNS client:

   Get-NetAdapter | `
       Set-DnsClientServerAddress -ServerAddresses "10.2.0.3,10.1.0.3"
   

6. Configure remote access to the distribution folder located on the fsw-vm server:

   $Credential = Get-Credential # Username: yantoso\Administrator
   
   New-PSDrive -Name 'fsw-vm' -PSProvider:FileSystem -Root '\\fsw-vm.ru-central1.internal\distrib' -Credential $Credential
   

   Enter the yantoso\Administrator username and your password.

7. Install the dependencies:

   & fsw-vm:\vcredist_x64_2012.exe /install /passive /norestart
   & fsw-vm:\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart
   

8. Copy the Microsoft Exchange distribution to the vm-edge-b server:

   copy-item fsw-vm:\ExchangeServer2016-x64-cu13.iso c:\windows\temp\ExchangeServer2016-x64-cu13.iso
   

9. Specify the primary DNS suffix:

   $Suffix = 'ru-central1.internal'
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name Domain -Value $Suffix
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name 'NV Domain' -Value $Suffix
   

10. Restart the VM:

    Restart-Computer -Force
    

    Reconnect to vm-edge-b via RDP and run PowerShell.

11. Mount the Exchange Server distribution:

    Mount-DiskImage c:\windows\temp\ExchangeServer2016-x64-cu13.iso
    

12. Install Edge Transport Server on the vm-edge-b server:

    & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:EdgeTransport /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
    

Add Edge Transport servers to ExchangeAdd Edge Transport servers to Exchange

Each Edge Transport server must subscribe to a website in its own availability zone.

Set up a subscription on the vm-edge-a serverSet up a subscription on the vm-edge-a server

1. Create the subscribe folder:

   mkdir c:\subscribe
   

2. Run the Exchange Management Shell. Create a subscription file on the vm-edge-a server:

   New-EdgeSubscription -FileName "C:\subscribe\$(hostname).xml"
   

3. Copy the C:\subscribe\vm-edge-a.xml file to the vm-exchange-a server to the C:\root\vm-edge-a.xml folder.

4. Log in to the vm-exchange-a server and run the Exchange Management Shell.

5. Subscribe the vm-edge-a Edge Transport server to the ru-central1-a website:

   New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\root\vm-edge-a.xml" -Encoding Byte -ReadCount 0)) -Site "ru-central1-a"
   

6. Make sure that the subscription is created using the command:

   Get-EdgeSubscription
   

   Result:

   Name            Site                 Domain
   ----            ----                 ------
   vm-edge-a       yantoso.net/Confi... ru-central1.internal
   

7. Check the sync status:

   Test-EdgeSynchronization
   

   The SyncStatus parameter should change to Normal.

Set up a subscription on the vm-edge-b serverSet up a subscription on the vm-edge-b server

1. Create the subscribe folder:

   mkdir c:\subscribe
   

2. Run the Exchange Management Shell. Create a subscription file on the vm-edge-b server:

   New-EdgeSubscription -FileName "C:\subscribe\$(hostname).xml"
   

3. Copy the C:\subscribe\vm-edge-b.xml file to the vm-exchange-b server, the C:\root\vm-edge-b.xml folder.

4. Log in to the vm-exchange-b server and run the Exchange Management Shell.

5. Subscribe the vm-edge-b Edge Transport server to the ru-central1-b website:

   New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\root\vm-edge-b.xml" -Encoding Byte -ReadCount 0)) -Site "ru-central1-b"
   

6. Make sure that the subscription is created using the command:

   Get-EdgeSubscription
   

   Result:

   Name            Site                 Domain
   ----            ----                 ------
   vm-edge-a       yantoso.net/Confi... ru-central1.internal
   vm-edge-b       yantoso.net/Confi... ru-central1.internal
   

7. Check the sync status:

   Test-EdgeSynchronization
   

   The SyncStatus parameter should change to Normal.

How to delete the resources you createdHow to delete the resources you created

To stop paying for the deployed servers, delete all the VMs and load balancer:

• fsw-vm
• ad-vm-a
• ad-vm-b
• vm-exchange-a
• vm-exchange-b
• vm-edge-a
• vm-edge-b
• exchange-lb load balancer