Deploying Microsoft Exchange

This tutorial describes how to deploy Microsoft Exchange servers in Yandex Cloud. We will install two Microsoft Exchange mail servers, two Active Directory servers, and two Edge Transport services in the ru-central1-a and ru-central1-b availability zones. A network load balancer will distribute load across servers. All servers will be managed via a separate VM with internet access in the ru-central1-d availability zone.

1. Prepare your cloud.
2. Create a cloud network and subnets.
3. Create a script to manage a local administrator account.
4. Create a VM for Active Directory.
5. Create a VM for File Share Witness.
6. Install and configure Active Directory.
7. Configure the second domain controller.
8. Install Microsoft Exchange.
9. Create Microsoft Exchange servers.
10. Create a Database Availability Group.
11. Configure Client Access.
12. Configure the network load balancer.
13. Configure Accepted Domains and Email Address Policy.
14. Create and configure a VM for Edge Transport servers
15. Configure Edge Transport servers.
16. Add Edge Transport servers to Exchange.

If you no longer need the resources you created, delete them.

Prepare your cloudPrepare your cloud

Sign up for Yandex Cloud and create a billing account:

1. Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.

If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Required paid resourcesRequired paid resources

The cost of a Microsoft Exchange installation includes:

• Fee for continuously running virtual machines (see Yandex Compute Cloud pricing).
• Fee for load balancing (see Yandex Network Load Balancer pricing).
• Fee for using dynamic or static public IP addresses (see Yandex Virtual Private Cloud pricing).
• Cost of outgoing traffic from Yandex Cloud to the internet (see Yandex Compute Cloud pricing).

Create a cloud network and subnetsCreate a cloud network and subnets

Create a cloud network named exchange-network with subnets in all the availability zones where your VMs will be located.

1. Create a cloud network:

   Management console

   CLI

   To create a cloud network:

   1. Open the Virtual Private Cloud section of the folder where you want to create a cloud network.
   2. Click Create network.
   3. Enter the network name: exchange-network.
   4. Click Create network.

   To create a cloud network, run the command:

   yc vpc network create --name exchange-network
   

2. Create three exchange-network subnets:

   Management console

   CLI

   To create a subnet:

   1. Open the Virtual Private Cloud section in the folder to create a subnet in.
   2. Click the name of the cloud network.
   3. Click Add subnet.
   4. Fill out the form: enter exchange-subnet-a as the subnet name and select the ru-central1-a availability zone from the drop-down list.
   5. Enter the subnet CIDR, which is its IP address and mask: 10.1.0.0/16. For more information about subnet IP address ranges, see Cloud networks and subnets.
   6. Click Create subnet.

   Repeat these steps for two more subnets, exchange-subnet-b and exchange-subnet-d, in the ru-central1-b and ru-central1-d availability zones with the 10.2.0.0/16 and 10.3.0.0/16 CIDR, respectively.

   To create subnets, run the following commands:

   yc vpc subnet create \
     --name exchange-subnet-a \
     --zone ru-central1-a \
     --network-name exchange-network \
     --range 10.1.0.0/16
   
   yc vpc subnet create \
     --name exchange-subnet-b \
     --zone ru-central1-b \
     --network-name exchange-network \
     --range 10.2.0.0/16
   
   yc vpc subnet create \
     --name exchange-subnet-d \
     --zone ru-central1-d \
     --network-name exchange-network \
     --range 10.3.0.0/16
   

Create a script to manage a local administrator accountCreate a script to manage a local administrator account

Create a file named setpass with a script that will set a password for the local administrator account when creating VMs via the CLI:

#ps1
Get-LocalUser | Where-Object SID -like *-500 | Set-LocalUser -Password (ConvertTo-SecureString "<your password>" -AsPlainText -Force)

The password must meet the complexity requirements.

Learn more about security best practices for Active Directory on the official website.

Create a VM for Active DirectoryCreate a VM for Active Directory

Create two virtual machines for Active Directory. These VMs will not have internet access.

yc compute instance create \
  --name ad-vm-a \
  --hostname ad-vm-a \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-a \
  --network-interface subnet-name=exchange-subnet-a,ipv4-address=10.1.0.3 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

yc compute instance create \
  --name ad-vm-b \
  --hostname ad-vm-b \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-b \
  --network-interface subnet-name=exchange-subnet-b,ipv4-address=10.2.0.3 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Create a VM for File Share WitnessCreate a VM for File Share Witness

A file server with internet access is used to configure VMs with Active Directory.

yc compute instance create \
  --name fsw-vm \
  --hostname fsw-vm \
  --memory 4 \
  --cores 2 \
  --zone ru-central1-d \
  --network-interface subnet-name=exchange-subnet-d,nat-ip-version=ipv4 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Install and configure Active DirectoryInstall and configure Active Directory

VMs with Active Directory do not have internet access, so they should be configured from the fsw-vm VM using RDP.

1. Connect to fsw-vm using RDP. Enter Administrator as the username and then your password.

2. On the fsw-vm VM instance, start the RDP client and connect to the ad-vm-a VM. Enter Administrator as the username and then your password.

3. On the ad-vm-a VM, run PowerShell and set a static address:

   netsh interface ip set address "eth0" static 10.1.0.3 255.255.255.0 10.1.0.1
   

4. Create a temporary folder:

   mkdir C:\Windows\temp
   

5. Assign Active Directory roles:

   Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
   

   Result:

   Success Restart Needed Exit Code      Feature Result
   ------- -------------- ---------      --------------
   True    No             Success        {Active Directory Domain Services, Group P...
   

6. Create an Active Directory forest:

   Install-ADDSForest -DomainName 'yantoso.net' -Force:$true
   

   Windows restarts automatically. After it restarts, log in to ad-vm-a with the yantoso\Administrator account login and your password. Relaunch PowerShell.

7. Rename the default site ru-central1-a:

   Get-ADReplicationSite 'Default-First-Site-Name' | Rename-ADObject -NewName 'ru-central1-a'
   

8. Create two more sites for the other availability zones:

   New-ADReplicationSite 'ru-central1-b'
   New-ADReplicationSite 'ru-central1-d'
   

9. Create subnets and link them to the sites:

   New-ADReplicationSubnet -Name '10.1.0.0/16' -Site 'ru-central1-a'
   New-ADReplicationSubnet -Name '10.2.0.0/16' -Site 'ru-central1-b'
   New-ADReplicationSubnet -Name '10.3.0.0/16' -Site 'ru-central1-d'
   

10. Rename the site link and configure replication:

    Get-ADReplicationSiteLink 'DEFAULTIPSITELINK' | `
        Set-ADReplicationSiteLink -SitesIncluded @{Add='ru-central1-b'} -ReplicationFrequencyInMinutes 15 -PassThru | `
        Set-ADObject -Replace @{options = $($_.options -bor 1)} -PassThru | `
        Rename-ADObject -NewName 'ru-central1'
    

11. Set the DNS redirect server:

    Set-DnsServerForwarder '10.1.0.2'
    

12. Configure the DNS client:

    Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.2.0.3,127.0.0.1"
    

Configure the second domain controllerConfigure the second domain controller

1. Connect to fsw-vm using RDP. Enter Administrator as the username and then your password.

2. On the fsw-vm VM instance, start the RDP client and connect to the ad-vm-b VM. Enter Administrator as the username and then your password.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Assign Active Directory roles:

   Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
   

   Result:

   Success Restart Needed Exit Code      Feature Result
   ------- -------------- ---------      --------------
   True    No             Success        {Active Directory Domain Services, Group P...
   

5. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,127.0.0.1"
   

6. Configure a static IP address:

   netsh interface ip set address "eth0" static 10.2.0.3 255.255.255.0 10.2.0.1
   

7. Add the controller to the domain:

   Install-ADDSDomainController `
       -Credential (Get-Credential "yantoso\Administrator") `
       -DomainName 'yantoso.net' `
       -Force:$true
   

   Windows restarts automatically. After it restarts, log in to ad-vm-b with the yantoso\Administrator account and your password. Relaunch PowerShell.

8. Set the DNS redirect server:

   Set-DnsServerForwarder '10.2.0.2'
   

Install Microsoft ExchangeInstall Microsoft Exchange

1. Connect to fsw-vm using RDP and launch PowerShell.

2. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,10.2.0.3"
   

3. Add the server to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   Windows restarts automatically. After it restarts, log in to fsw-vm with the yantoso\Administrator account login and your password. Relaunch PowerShell.

4. Create a folder named distrib:

   mkdir c:\distrib
   

5. Download the Exchange Server distribution and required dependencies:

   1. .NET Framework 4.7.2.
   2. Visual C++ Redistributable Package for Visual Studio 2012. Rename the downloaded file to vcredist_x64_2012.exe.
   3. Visual C++ Redistributable Package for Visual Studio 2013. Rename the downloaded file to vcredist_x64_2013.exe.
   4. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.

   Put the distributions in the directory C:\distrib.

6. Grant shared access from the domain to the directory with distributions:

   New-SmbShare -ReadAccess 'yantoso\domain users' -Path 'c:\distrib' -Name 'distrib'
   

Create Microsoft Exchange serversCreate Microsoft Exchange servers

Create the first Exchange serverCreate the first Exchange server

1. Create a VM named vm-exchange-a:

   Management console

   CLI

   1. On the folder page in the management console, click Create resource and select Virtual machine.

   2. In the Name field, enter the VM name: vm-exchange-a.

   3. Select the ru-central1-a availability zone.

   4. Under Image/boot disk selection, click the Cloud Marketplace tab, and select the Windows Server 2016 Datacenter image.

   5. Under Disks, enter 100 GB for the size of the boot disk.

   6. Add another 250 GB SSD named db-a.

   7. Under Computing resources:

      • Select the platform: Intel Ice Lake.
      • Specify the required number of vCPUs and the amount of RAM:
        • vCPU: 8
        • Guaranteed vCPU share: 100%
        • RAM: 32 GB

   8. Under Network settings, select the exchange-subnet-a subnet. In the Public addressfield, select No address.

   9. Click Create VM.

   Wait for the VM status to change to Running and reset the password:

   1. Select the VM.
   2. Click Reset password.
   3. Specify the Username to reset the password for. If there is no user with that name on the VM, this user will be created with administrator access.
   4. Click Generate password.
   5. Save the New password. It will become unavailable once you close the window.

   yc compute instance create \
     --name vm-exchange-a \
     --hostname vm-exchange-a \
     --memory 32 \
     --cores 8 \
     --zone ru-central1-a \
     --network-interface subnet-name=exchange-subnet-a \
     --create-boot-disk size=100,image-folder-id=standard-images,image-family=windows-2016-gvlk \
     --create-disk type=network-ssd,size=250,auto-delete=false \
     --metadata-from-file user-data=setpass
   

2. Connect to fsw-vm using RDP.

3. On the fsw-vm VM instance, start the RDP client and connect to the vm-exchange-a VM. Enter Administrator as the username and then your password. Launch PowerShell.

4. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3"
   

5. Add vm-exchange-a to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   After it restarts, log in to the VM with the yantoso\Administrator account login and your password. Relaunch PowerShell.

6. Install the downloaded dependencies in the following order:

   1. & \\fsw-vm\distrib\vcredist_x64_2012.exe /install /passive /norestart
   2. & \\fsw-vm\distrib\vcredist_x64_2013.exe /install /passive /norestart
   3. & \\fsw-vm\distrib\UcmaRuntimeSetup.exe /install /passive /norestart
   4. & \\fsw-vm\distrib\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart

7. Restart the VM: Restart-Computer -Force.

   After it restarts, log in to the VM with the yantoso\Administrator account login and your password. Relaunch PowerShell.

8. Install Exchange Mailbox Server on vm-exchange-a. Mount the distribution image from the shared folder with distributions:

   Mount-DiskImage \\fsw-vm\distrib\ExchangeServer2016-x64-cu13.iso
   

9. Install Exchange Mailbox Server:

   & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:Mailbox /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
   Restart-Computer -Force
   

   When the installation is complete, the VM restarts automatically.

Create the second Exchange serverCreate the second Exchange server

1. Create a VM named vm-exchange-b:

   Management console

   CLI

   1. On the folder page in the management console, click Create resource and select Virtual machine.

   2. In the Name field, enter the VM name: vm-exchange-b.

   3. Select the ru-central1-b availability zone.

   4. Under Image/boot disk selection, click the Cloud Marketplace tab, and select the Windows Server 2016 Datacenter image.

   5. Under Disks, enter 100 GB for the size of the boot disk.

   6. Add another 250 GB SSD named db-b.

   7. Under Computing resources:

      • Select the platform: Intel Ice Lake.
      • Specify the required number of vCPUs and the amount of RAM:
        • vCPU: 8
        • Guaranteed vCPU share: 100%
        • RAM: 32 GB

   8. Under Network settings, select the exchange-subnet-b subnet. In the Public addressfield, select No address.

   9. Click Create VM.

   Wait for the VM status to change to Running and reset the password:

   1. Select the VM.
   2. Click Reset password.
   3. Specify the Username to reset the password for. If there is no user with that name on the VM, this user will be created with administrator access.
   4. Click Generate password.
   5. Save the New password. It will become unavailable once you close the window.

   yc compute instance create \
     --name vm-exchange-b \
     --hostname vm-exchange-b \
     --memory 32 \
     --cores 8 \
     --zone ru-central1-b \
     --network-interface subnet-name=exchange-subnet-b \
     --create-boot-disk size=100,image-folder-id=standard-images,image-family=windows-2016-gvlk \
     --create-disk type=network-ssd,size=250,auto-delete=false \
     --metadata-from-file user-data=setpass
   

2. Connect to fsw-vm using RDP.

3. On the fsw-vm VM instance, start the RDP client and connect to the vm-exchange-b VM. Enter Administrator as the username and then your password. Launch PowerShell.

4. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3"
   

5. Add vm-exchange-a to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   After it restarts, log in to the VM with the yantoso\Administrator account login and your password. Relaunch PowerShell.

6. Install the downloaded dependencies in the following order:

   1. & \\fsw-vm\distrib\vcredist_x64_2012.exe /install /passive /norestart
   2. & \\fsw-vm\distrib\vcredist_x64_2013.exe /install /passive /norestart
   3. & \\fsw-vm\distrib\UcmaRuntimeSetup.exe /install /passive /norestart
   4. & \\fsw-vm\distrib\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart

7. Restart the VM: Restart-Computer -Force.

   After it restarts, log in to the VM with the yantoso\Administrator account login and your password. Relaunch PowerShell.

8. Install Exchange Mailbox Server on vm-exchange-b. Mount the distribution image from the shared folder with distributions:

   Mount-DiskImage \\fsw-vm\distrib\ExchangeServer2016-x64-cu13.iso
   

9. Install Exchange Mailbox Server:

   & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:Mailbox /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
   Restart-Computer -Force
   

   When the installation is complete, the VM restarts automatically.

Create a Database Availability GroupCreate a Database Availability Group

A Database Availability Group ensures fault tolerance for mail servers via DB replication and automatic DB failover in the event of a crash.

1. Connect to fsw-vm using RDP.

2. Grant the yantoso\Exchange Trusted Subsystem group administrator privileges to the fsw-vm VM:

   Add-LocalGroupMember -Group 'Administrators' -Member 'yantoso\Exchange Trusted Subsystem'
   

Create disks for VM databasesCreate disks for VM databases

1. On fsw-vm, start the RDP client and connect to vm-exchange-a. Enter yantoso\Administrator as the username and then your password.

2. Create an additional disk and format it:

   Get-Disk | `
       Where-Object PartitionStyle -eq raw | `
       Initialize-Disk -PartitionStyle GPT -PassThru | `
       New-Partition -DriveLetter 'Z' -UseMaximumSize | `
       Format-Volume -FileSystem NTFS -NewFileSystemLabel "mdb" -Confirm:$false -AllocationUnitSize 65536
   

3. Install the Failover-Clustering role:

   Install-WindowsFeature -Name 'Failover-Clustering' -IncludeManagementTools
   

Repeat these commands for the vm-exchange-b VM.

Configure the Database Availability GroupConfigure the Database Availability Group

1. On the fsw-vm VM instance, start the RDP client and use it to connect to the vm-exchange-a VM. Enter yantoso\Administrator as the username and then your password.

2. Run the Exchange Management Shell.

3. Create a Database Availability Group:

   New-DatabaseAvailabilityGroup `
       -Name ycdag `
       -WitnessServer fsw-vm `
       -DatabaseAvailabilityGroupIpAddresses 255.255.255.255
   

4. Add the vm-exchange-a and vm-exchange-b servers to the Database Availability Group (DAG):

   Add-DatabaseAvailabilityGroupServer -Identity ycdag -MailboxServer vm-exchange-a
   Add-DatabaseAvailabilityGroupServer -Identity ycdag -MailboxServer vm-exchange-b
   

5. Check the status of the servers. Both should be in the Operational Servers column:

   Get-DatabaseAvailabilityGroup -Status
   

   Result:

   Name             Member Servers                                      Operational Servers
   ----             --------------                                      -------------------
   ycdag            {VM-EXCHANGE-A, VM-EXCHANGE-B}                    {VM-EXCHANGE-A, VM-EXCHANGE-B}
   

6. Create a mail server database:

   New-MailboxDatabase -Name yamdb -EdbFilePath 'Z:\MDB\yamdb\yamdb.edb' -LogFolderPath 'Z:\MDB\yamdb\log' -Server vm-exchange-a
   

7. Mount the database:

   Mount-Database yamdb
   

8. Create a copy of the database on the second server:

   Add-MailboxDatabaseCopy -Identity yamdb -MailboxServer vm-exchange-b -SeedingPostponed
   Update-MailboxDatabasecopy yamdb\vm-exchange-b –CatalogOnly
   

9. Check the DB status:

   Get-MailboxDatabaseCopyStatus -Server vm-exchange-a
   Get-MailboxDatabaseCopyStatus -Server vm-exchange-b
   

Configure Client AccessConfigure Client Access

To work with various client applications, you need to create virtual directories.

1. Set the mail domain:

   $MailDomain = "mail.yantoso.net"
   

2. ECP:

   Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -ExternalUrl "https://$MailDomain/ecp"
   

3. EWS:

   Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl "https://$MailDomain/ews/exchange.asmx"
   

4. Active Sync:

   Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl "https://$MailDomain/Microsoft-Server-ActiveSync"
   

5. OAB:

   Get-OabVirtualDirectory | Set-OabVirtualDirectory -ExternalUrl "https://$MailDomain/OAB"
   

6. OWA:

   Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -ExternalUrl "https://$MailDomain/owa"
   

7. PowerShell:

   Get-PowerShellVirtualDirectory | Set-PowerShellVirtualDirectory -ExternalUrl "https://$MailDomain/powershell"
   

8. MAPI:

   Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -ExternalUrl "https://$MailDomain/mapi"
   

Configure the network load balancerConfigure the network load balancer

It distributes the load across Exchange servers in different availability zones.

Configure Accepted Domains and Email Address PolicyConfigure Accepted Domains and Email Address Policy

A domain is created by default. If you need to change the domain, use the command:

New-AcceptedDomain -Name yantoso.net -DomainName yantoso.net

Edit the Email Address Policy:

Get-EmailAddressPolicy | Set-EmailAddressPolicy -EnabledPrimarySMTPAddressTemplate '@yantoso.net'

An alias with the @yantoso.net domain is automatically added to all the new mailboxes.

Create a VM for Edge Transport serversCreate a VM for Edge Transport servers

Edge Transport servers handle the main user load: accept emails from the internet, filter out spam, and forward messages to the internal Exchange mail servers.

Create a VM for the vm-edge-a serverCreate a VM for the vm-edge-a server

Create a VM named vm-edge-a:

yc compute instance create \
  --name vm-edge-a \
  --hostname vm-edge-a \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-a \
  --network-interface subnet-name=exchange-subnet-a,nat-ip-version=ipv4 \
  --create-boot-disk size=50,image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Create a VM for the vm-edge-b serverCreate a VM for the vm-edge-b server

Create a VM named vm-edge-b:

yc compute instance create \
  --name vm-edge-b \
  --hostname vm-edge-b \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-b \
  --network-interface subnet-name=exchange-subnet-b,nat-ip-version=ipv4 \
  --create-boot-disk size=50,image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Configure Edge Transport serversConfigure Edge Transport servers

Configure the Edge Transport server in the ru-central1-a zoneConfigure the Edge Transport server in the ru-central1-a zone

1. Connect to fsw-vm using RDP.

2. Connect to vm-edge-a using RDP. Enter Administrator as the username and then your password. Launch PowerShell.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Install ADLDS roles on the server:

   Install-WindowsFeature ADLDS
   

5. Configure the DNS client:

   Get-NetAdapter | `
       Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,10.2.0.3"
   

6. Configure remote access to the directory with distributions on fsw-vm:

   $Credential = Get-Credential # Username: yantoso\Administrator
   
   New-PSDrive -Name 'fsw-vm' -PSProvider:FileSystem -Root '\\fsw-vm.ru-central1.internal\distrib' -Credential $Credential
   

   Enter yantoso\Administrator as the username and then your password.

7. Install the dependencies:

   & fsw-vm:\vcredist_x64_2012.exe /install /passive /norestart
   & fsw-vm:\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart
   

8. Copy the Microsoft Exchange distribution to the vm-edge-a server:

   copy-item fsw-vm:\ExchangeServer2016-x64-cu13.iso c:\windows\temp\ExchangeServer2016-x64-cu13.iso
   

9. Specify the primary DNS suffix:

   $Suffix = 'ru-central1.internal'
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name Domain -Value $Suffix
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name 'NV Domain' -Value $Suffix
   

10. Restart the VM:

    Restart-Computer -Force
    

    Reconnect to vm-edge-a using RDP and launch PowerShell.

11. Mount the Exchange Server distribution:

    Mount-DiskImage c:\windows\temp\ExchangeServer2016-x64-cu13.iso
    

12. Install Edge Transport Server on the vm-edge-a server:

    & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:EdgeTransport /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
    

Configure the Edge Transport server in the ru-central1-b zoneConfigure the Edge Transport server in the ru-central1-b zone

1. Connect to fsw-vm using RDP.

2. Connect to vm-edge-b using RDP. Enter Administrator as the username and then your password. Launch PowerShell.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Install ADLDS roles on the server:

   Install-WindowsFeature ADLDS
   

5. Configure the DNS client:

   Get-NetAdapter | `
       Set-DnsClientServerAddress -ServerAddresses "10.2.0.3,10.1.0.3"
   

6. Configure remote access to the directory with distributions on fsw-vm:

   $Credential = Get-Credential # Username: yantoso\Administrator
   
   New-PSDrive -Name 'fsw-vm' -PSProvider:FileSystem -Root '\\fsw-vm.ru-central1.internal\distrib' -Credential $Credential
   

   Enter yantoso\Administrator as the username and then your password.

7. Install the dependencies:

   & fsw-vm:\vcredist_x64_2012.exe /install /passive /norestart
   & fsw-vm:\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart
   

8. Copy the Microsoft Exchange distribution to vm-edge-b:

   copy-item fsw-vm:\ExchangeServer2016-x64-cu13.iso c:\windows\temp\ExchangeServer2016-x64-cu13.iso
   

9. Specify the primary DNS suffix:

   $Suffix = 'ru-central1.internal'
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name Domain -Value $Suffix
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name 'NV Domain' -Value $Suffix
   

10. Restart the VM:

    Restart-Computer -Force
    

    Reconnect to vm-edge-b using RDP and launch PowerShell.

11. Mount the Exchange Server distribution:

    Mount-DiskImage c:\windows\temp\ExchangeServer2016-x64-cu13.iso
    

12. Install Edge Transport Server on vm-edge-b:

    & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:EdgeTransport /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
    

Add Edge Transport servers to ExchangeAdd Edge Transport servers to Exchange

Each Edge Transport server must subscribe to a website in its own availability zone.

Set up a subscription on the vm-edge-a serverSet up a subscription on the vm-edge-a server

1. Create a folder named subscribe:

   mkdir c:\subscribe
   

2. Run the Exchange Management Shell. Create a subscription file on vm-edge-a:

   New-EdgeSubscription -FileName "C:\subscribe\$(hostname).xml"
   

3. Copy C:\subscribe\vm-edge-a.xml to the C:\root\vm-edge-a.xml directory of the vm-exchange-a server.

4. Log in to vm-exchange-a and run the Exchange Management Shell.

5. Subscribe the vm-edge-a Edge Transport server to the ru-central1-a website:

   New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\root\vm-edge-a.xml" -Encoding Byte -ReadCount 0)) -Site "ru-central1-a"
   

6. Make sure that the subscription is created using the command:

   Get-EdgeSubscription
   

   Result:

   Name            Site                 Domain
   ----            ----                 ------
   vm-edge-a       yantoso.net/Confi... ru-central1.internal
   

7. Check the sync status:

   Test-EdgeSynchronization
   

   The SyncStatus value must be Normal.

Set up a subscription on the vm-edge-b serverSet up a subscription on the vm-edge-b server

1. Create a folder named subscribe:

   mkdir c:\subscribe
   

2. Run the Exchange Management Shell. Create a subscription file on the vm-edge-b server:

   New-EdgeSubscription -FileName "C:\subscribe\$(hostname).xml"
   

3. Copy C:\subscribe\vm-edge-b.xml to the C:\root\vm-edge-b.xml directory of the vm-exchange-b server.

4. Log in to the vm-exchange-b server and run the Exchange Management Shell.

5. Subscribe the vm-edge-b Edge Transport server to the ru-central1-b website:

   New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\root\vm-edge-b.xml" -Encoding Byte -ReadCount 0)) -Site "ru-central1-b"
   

6. Make sure that the subscription is created using the command:

   Get-EdgeSubscription
   

   Result:

   Name            Site                 Domain
   ----            ----                 ------
   vm-edge-a       yantoso.net/Confi... ru-central1.internal
   vm-edge-b       yantoso.net/Confi... ru-central1.internal
   

7. Check the sync status:

   Test-EdgeSynchronization
   

   The SyncStatus value must be Normal.

How to delete the resources you createdHow to delete the resources you created

To stop paying for the deployed servers, delete all the VMs and load balancer:

• fsw-vm
• ad-vm-a
• ad-vm-b
• vm-exchange-a
• vm-exchange-b
• vm-edge-a
• vm-edge-b
• load balancer exchange-lb