Deploying Microsoft Exchange

This tutorial describes how to deploy Microsoft Exchange servers in Yandex Cloud. You will install two Microsoft Exchange mail servers, two Active Directory servers, and two Edge Transport servers in the ru-central1-a and ru-central1-b availability zones. A network load balancer will distribute load across the servers. To manage the servers, you will use a separate VM with internet access hosted in the ru-central1-d availability zone.

1. Get your cloud ready.
2. Create a cloud network and subnets.
3. Create a script to manage a local administrator account.
4. Create a VM for Active Directory.
5. Create a VM for File Share Witness.
6. Install and configure Active Directory.
7. Configure the second domain controller.
8. Install Microsoft Exchange.
9. Set up Microsoft Exchange servers.
10. Create a database availability group.
11. Configure Client Access.
12. Configure a network load balancer.
13. Configure accepted domains and the email address policy.
14. Create and configure a VM for Edge Transport servers.
15. Configure Edge Transport servers.
16. Add Edge Transport servers to Exchange.

If you no longer need the resources you created, delete them.

Get your cloud readyGet your cloud ready

Sign up for Yandex Cloud and create a billing account:

1. Navigate to the management console and log in to Yandex Cloud or create a new account.
2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.

Learn more about clouds and folders here.

Required paid resourcesRequired paid resources

The cost of running a Microsoft Exchange instance includes:

• Fee for continuously running virtual machines (see Yandex Compute Cloud pricing).
• Fee for load balancing (see Yandex Network Load Balancer pricing).
• Fee for using dynamic or static public IP addresses (see Yandex Virtual Private Cloud pricing).
• Fee for Yandex Cloud outbound internet traffic (see Yandex Compute Cloud pricing).

Create a cloud network and subnetsCreate a cloud network and subnets

Create a cloud network named exchange-network with subnets in all availability zones that will host your VMs.

1. Create a cloud network:

   Management console

   CLI

   To create a cloud network:

   1. Open the Virtual Private Cloud section in the folder where you want to create a cloud network.
   2. Click Create network.
   3. Specify exchange-network as the network name.
   4. Click Create network.

   To create a cloud network, run this command:

   yc vpc network create --name exchange-network
   

2. Create three subnets in exchange-network:

   Management console

   CLI

   To create a subnet:

   1. Open the Virtual Private Cloud section in the folder where you want to create a subnet.
   2. Click the name of your cloud network.
   3. Click Add subnet.
   4. Specify exchange-subnet-a as the name and select the ru-central1-a availability zone from the drop-down list.
   5. Enter the subnet CIDR: IP address and subnet mask 10.1.0.0/16. For more information about IP address ranges, see Cloud networks and subnets.
   6. Click Create subnet.

   Repeat these steps for two more subnets, exchange-subnet-b and exchange-subnet-d, in the ru-central1-b and ru-central1-d availability zones with 10.2.0.0/16 and 10.3.0.0/16 as the CIDR, respectively.

   To create subnets, run these commands:

   yc vpc subnet create \
     --name exchange-subnet-a \
     --zone ru-central1-a \
     --network-name exchange-network \
     --range 10.1.0.0/16
   
   yc vpc subnet create \
     --name exchange-subnet-b \
     --zone ru-central1-b \
     --network-name exchange-network \
     --range 10.2.0.0/16
   
   yc vpc subnet create \
     --name exchange-subnet-d \
     --zone ru-central1-d \
     --network-name exchange-network \
     --range 10.3.0.0/16
   

Create a script to manage a local administrator accountCreate a script to manage a local administrator account

Create a file named setpass with a script that will set a password for the local administrator account when you create VMs via the CLI:

#ps1
Get-LocalUser | Where-Object SID -like *-500 | Set-LocalUser -Password (ConvertTo-SecureString "<your_password>" -AsPlainText -Force)

The password must meet the complexity requirements.

To learn about the best practices for securing Active Directory, see this MS article.

Create a VM for Active DirectoryCreate a VM for Active Directory

Create two virtual machines for Active Directory. These VMs will not have internet access.

yc compute instance create \
  --name ad-vm-a \
  --hostname ad-vm-a \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-a \
  --network-interface subnet-name=exchange-subnet-a,ipv4-address=10.1.0.3 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

yc compute instance create \
  --name ad-vm-b \
  --hostname ad-vm-b \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-b \
  --network-interface subnet-name=exchange-subnet-b,ipv4-address=10.2.0.3 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Create a VM for File Share WitnessCreate a VM for File Share Witness

You will use a file server with internet access to configure VMs with Active Directory.

yc compute instance create \
  --name fsw-vm \
  --hostname fsw-vm \
  --memory 4 \
  --cores 2 \
  --zone ru-central1-d \
  --network-interface subnet-name=exchange-subnet-d,nat-ip-version=ipv4 \
  --create-boot-disk image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Install and configure Active DirectoryInstall and configure Active Directory

Active Directory VMs do not have internet access. To configure them, use fsw-vm through RDP.

1. Connect to fsw-vm through RDP. Use Administrator as your username and enter your password.

2. On fsw-vm, run RDP and connect to ad-vm-a. Use Administrator as your username and enter your password.

3. Run PowerShell on ad-vm-a and set a static address:

   netsh interface ip set address "eth0" static 10.1.0.3 255.255.255.0 10.1.0.1
   

4. Create a temporary folder:

   mkdir C:\Windows\temp
   

5. Assign Active Directory roles:

   Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
   

   Result:

   Success Restart Needed Exit Code      Feature Result
   ------- -------------- ---------      --------------
   True    No             Success        {Active Directory Domain Services, Group P...
   

6. Create an Active Directory forest:

   Install-ADDSForest -DomainName 'yantoso.net' -Force:$true
   

   Windows will restart automatically. After the reboot, connect to ad-vm-a using the yantoso\Administrator account and your password. Relaunch PowerShell.

7. Rename the default site to ru-central1-a:

   Get-ADReplicationSite 'Default-First-Site-Name' | Rename-ADObject -NewName 'ru-central1-a'
   

8. Create two more sites for the other availability zones:

   New-ADReplicationSite 'ru-central1-b'
   New-ADReplicationSite 'ru-central1-d'
   

9. Create subnets and link them to the sites:

   New-ADReplicationSubnet -Name '10.1.0.0/16' -Site 'ru-central1-a'
   New-ADReplicationSubnet -Name '10.2.0.0/16' -Site 'ru-central1-b'
   New-ADReplicationSubnet -Name '10.3.0.0/16' -Site 'ru-central1-d'
   

10. Rename the site link and configure replication:

    Get-ADReplicationSiteLink 'DEFAULTIPSITELINK' | `
        Set-ADReplicationSiteLink -SitesIncluded @{Add='ru-central1-b'} -ReplicationFrequencyInMinutes 15 -PassThru | `
        Set-ADObject -Replace @{options = $($_.options -bor 1)} -PassThru | `
        Rename-ADObject -NewName 'ru-central1'
    

11. Set the DNS server forwarder:

    Set-DnsServerForwarder '10.1.0.2'
    

12. Configure the DNS client:

    Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.2.0.3,127.0.0.1"
    

Configure the second domain controllerConfigure the second domain controller

1. Connect to fsw-vm through RDP. Use Administrator as your username and enter your password.

2. On fsw-vm, run RDP and connect to ad-vm-b. Use Administrator as your username and enter your password.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Assign Active Directory roles:

   Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
   

   Result:

   Success Restart Needed Exit Code      Feature Result
   ------- -------------- ---------      --------------
   True    No             Success        {Active Directory Domain Services, Group P...
   

5. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,127.0.0.1"
   

6. Configure a static IP address:

   netsh interface ip set address "eth0" static 10.2.0.3 255.255.255.0 10.2.0.1
   

7. Add the controller to the domain:

   Install-ADDSDomainController `
       -Credential (Get-Credential "yantoso\Administrator") `
       -DomainName 'yantoso.net' `
       -Force:$true
   

   Windows will restart automatically. After the reboot, connect to ad-vm-b using the yantoso\Administrator account and your password. Relaunch PowerShell.

8. Set the DNS server forwarder:

   Set-DnsServerForwarder '10.2.0.2'
   

Install Microsoft ExchangeInstall Microsoft Exchange

1. Connect to fsw-vm using RDP and run PowerShell.

2. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,10.2.0.3"
   

3. Add the server to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   Windows will restart automatically. After the reboot, connect to fsw-vm using the yantoso\Administrator account and your password. Relaunch PowerShell.

4. Create the distrib folder:

   mkdir c:\distrib
   

5. Download the Exchange Server distribution kit and required dependencies:

   1. .NET Framework 4.7.2.
   2. Visual C++ Redistributable Package for Visual Studio 2012. Rename the downloaded file to vcredist_x64_2012.exe.
   3. Visual C++ Redistributable Package for Visual Studio 2013. Rename the downloaded file to vcredist_x64_2013.exe.
   4. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.

   Place the distribution kits in the C:\distrib directory.

6. Grant shared access from the domain to the distribution directory:

   New-SmbShare -ReadAccess 'yantoso\domain users' -Path 'c:\distrib' -Name 'distrib'
   

Set up Microsoft Exchange serversSet up Microsoft Exchange servers

Set up the first Exchange serverSet up the first Exchange server

1. Create a VM named vm-exchange-a:

   Management console

   CLI

   1. On the folder dashboard in the management console, click Create resource and select Virtual machine instance.

   2. Under Boot disk image:

      • Navigate to the Custom tab.
      • Click Select and select Create in the window that opens.
      • In the Contents field, select Image and then, the Windows Server 2016 Datacenter image from the list below. For more information on how to upload your own image for Microsoft products, see Importing a custom image.
      • Optionally, enable Delete along with the virtual machine in the Additional field if you need this disk automatically deleted when deleting the VM.
      • Click Add disk.

   3. Under Location, select the ru-central1-a availability zone.

   4. Under Disks and file storages:

      • Set the boot disk size: 100 GB.
      • Click Add and add another 250 GB SSD named db-a.

   5. Under Computing resources, navigate to the Custom tab and specify the required platform, number of vCPUs, and amount of RAM:

      • Platform: Intel Ice Lake.
      • vCPU: 8.
      • Guaranteed vCPU performance: 100%.
      • RAM: 32 GB.

   6. Under Network settings, specify:

      • Subnet: exchange-subnet-a.
      • Public IP address: No address.

   7. Under General information, specify the VM name: vm-exchange-a.

   8. Click Create VM.

   Wait for the VM status to change to Running and reset the password:

   1. Select the VM.
   2. Click Reset password.
   3. Specify the Username to reset the password for. If there is no user with that name on the VM, this user will be created with administrator access.
   4. Click Generate password.
   5. Save the New password. It will become unavailable once you close the window.

   yc compute instance create \
     --name vm-exchange-a \
     --hostname vm-exchange-a \
     --memory 32 \
     --cores 8 \
     --zone ru-central1-a \
     --network-interface subnet-name=exchange-subnet-a \
     --create-boot-disk size=100,image-folder-id=standard-images,image-family=windows-2016-gvlk \
     --create-disk type=network-ssd,size=250,auto-delete=false \
     --metadata-from-file user-data=setpass
   

2. Connect to fsw-vm through RDP.

3. Run RDP on fsw-vm and connect to vm-exchange-a. Use Administrator as your username and enter your password. Launch PowerShell.

4. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3"
   

5. Add vm-exchange-a to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   After the reboot, log in to the VM with the yantoso\Administrator account and your password. Relaunch PowerShell.

6. Install the downloaded dependencies in the following order:

   1. & \\fsw-vm\distrib\vcredist_x64_2012.exe /install /passive /norestart
   2. & \\fsw-vm\distrib\vcredist_x64_2013.exe /install /passive /norestart
   3. & \\fsw-vm\distrib\UcmaRuntimeSetup.exe /install /passive /norestart
   4. & \\fsw-vm\distrib\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart

7. Restart the VM: Restart-Computer -Force.

   After the reboot, log in to the VM with the yantoso\Administrator account and your password. Relaunch PowerShell.

8. Install Exchange Mailbox Server on vm-exchange-a. Mount the distribution image from the shared folder containing the distribution kits:

   Mount-DiskImage \\fsw-vm\distrib\ExchangeServer2016-x64-cu13.iso
   

9. Install Exchange Mailbox Server:

   & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:Mailbox /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
   Restart-Computer -Force
   

   After the installation is complete, the VM will restart automatically.

Create the second Exchange serverCreate the second Exchange server

1. Create a VM named vm-exchange-b:

   Management console

   CLI

   1. On the folder dashboard in the management console, click Create resource and select Virtual machine instance.

   2. Under Boot disk image:

      • Navigate to the Custom tab.
      • Click Select and select Create in the window that opens.
      • In the Contents field, select Image and then, the Windows Server 2016 Datacenter image from the list below. For more information on how to upload your own image for Microsoft products, see Importing a custom image.
      • Optionally, enable Delete along with the virtual machine in the Additional field if you need this disk automatically deleted when deleting the VM.
      • Click Add disk.

   3. Under Location, select the ru-central1-b availability zone.

   4. Under Disks and file storages:

      • Set the boot disk size: 100 GB.
      • Click Add and add another 250 GB SSD named db-b.

   5. Under Computing resources, navigate to the Custom tab and specify the required platform, number of vCPUs, and amount of RAM:

      • Platform: Intel Ice Lake.
      • vCPU: 8.
      • Guaranteed vCPU performance: 100%.
      • RAM: 32 GB.

   6. Under Network settings, specify:

      • Subnet: exchange-subnet-b.
      • Public IP address: No address.

   7. Under General information, specify the VM name: vm-exchange-b.

   8. Click Create VM.

   Wait for the VM status to change to Running and reset the password:

   1. Select the VM.
   2. Click Reset password.
   3. Specify the Username to reset the password for. If there is no user with that name on the VM, this user will be created with administrator access.
   4. Click Generate password.
   5. Save the New password. It will become unavailable once you close the window.

   yc compute instance create \
     --name vm-exchange-b \
     --hostname vm-exchange-b \
     --memory 32 \
     --cores 8 \
     --zone ru-central1-b \
     --network-interface subnet-name=exchange-subnet-b \
     --create-boot-disk size=100,image-folder-id=standard-images,image-family=windows-2016-gvlk \
     --create-disk type=network-ssd,size=250,auto-delete=false \
     --metadata-from-file user-data=setpass
   

2. Connect to fsw-vm through RDP.

3. Run RDP on fsw-vm and connect to vm-exchange-b. Use Administrator as your username and enter your password. Launch PowerShell.

4. Configure the DNS client:

   Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses "10.1.0.3"
   

5. Add vm-exchange-a to the domain:

   $Credentials = Get-Credential # yantoso\Administrator
   Add-Computer -DomainName yantoso.net -DomainCredential $Credentials -Force -Restart
   

   After the reboot, log in to the VM with the yantoso\Administrator account and your password. Relaunch PowerShell.

6. Install the downloaded dependencies in the following order:

   1. & \\fsw-vm\distrib\vcredist_x64_2012.exe /install /passive /norestart
   2. & \\fsw-vm\distrib\vcredist_x64_2013.exe /install /passive /norestart
   3. & \\fsw-vm\distrib\UcmaRuntimeSetup.exe /install /passive /norestart
   4. & \\fsw-vm\distrib\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart

7. Restart the VM: Restart-Computer -Force.

   After the reboot, log in to the VM with the yantoso\Administrator account and your password. Relaunch PowerShell.

8. Install Exchange Mailbox Server on vm-exchange-b. Mount the distribution image from the shared folder containing the distribution kits:

   Mount-DiskImage \\fsw-vm\distrib\ExchangeServer2016-x64-cu13.iso
   

9. Install Exchange Mailbox Server:

   & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:Mailbox /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
   Restart-Computer -Force
   

   After the installation is complete, the VM will restart automatically.

Create a database availability groupCreate a database availability group

A database availability group ensures fault tolerance for mailbox servers via DB replication and automatic DB failover in the event of a crash.

1. Connect to fsw-vm through RDP.

2. Grant the yantoso\Exchange Trusted Subsystem group administrator permissions for fsw-vm:

   Add-LocalGroupMember -Group 'Administrators' -Member 'yantoso\Exchange Trusted Subsystem'
   

Create disks for VM databasesCreate disks for VM databases

1. Run RDP on fsw-vm and connect to vm-exchange-a. Use yantoso\Administrator as your username and enter your password.

2. Create a secondary disk and format it:

   Get-Disk | `
       Where-Object PartitionStyle -eq raw | `
       Initialize-Disk -PartitionStyle GPT -PassThru | `
       New-Partition -DriveLetter 'Z' -UseMaximumSize | `
       Format-Volume -FileSystem NTFS -NewFileSystemLabel "mdb" -Confirm:$false -AllocationUnitSize 65536
   

3. Install the Failover-Clustering role:

   Install-WindowsFeature -Name 'Failover-Clustering' -IncludeManagementTools
   

Repeat these commands for vm-exchange-b.

Configure the database availability groupConfigure the database availability group

1. Run RDP on fsw-vm and connect to vm-exchange-a through RDP. Use yantoso\Administrator as your username and enter your password.

2. Run the Exchange Management Shell.

3. Create a database availability group:

   New-DatabaseAvailabilityGroup `
       -Name ycdag `
       -WitnessServer fsw-vm `
       -DatabaseAvailabilityGroupIpAddresses 255.255.255.255
   

4. Add the vm-exchange-a and vm-exchange-b servers to the DAG:

   Add-DatabaseAvailabilityGroupServer -Identity ycdag -MailboxServer vm-exchange-a
   Add-DatabaseAvailabilityGroupServer -Identity ycdag -MailboxServer vm-exchange-b
   

5. Check the status of your servers; both should be in the Operational Servers column:

   Get-DatabaseAvailabilityGroup -Status
   

   Result:

   Name             Member Servers                                      Operational Servers
   ----             --------------                                      -------------------
   ycdag            {VM-EXCHANGE-A, VM-EXCHANGE-B}                    {VM-EXCHANGE-A, VM-EXCHANGE-B}
   

6. Create a mailbox server database:

   New-MailboxDatabase -Name yamdb -EdbFilePath 'Z:\MDB\yamdb\yamdb.edb' -LogFolderPath 'Z:\MDB\yamdb\log' -Server vm-exchange-a
   

7. Mount this database:

   Mount-Database yamdb
   

8. Create a copy of this database on the second server:

   Add-MailboxDatabaseCopy -Identity yamdb -MailboxServer vm-exchange-b -SeedingPostponed
   Update-MailboxDatabasecopy yamdb\vm-exchange-b –CatalogOnly
   

9. Check the DB status:

   Get-MailboxDatabaseCopyStatus -Server vm-exchange-a
   Get-MailboxDatabaseCopyStatus -Server vm-exchange-b
   

Configure Client AccessConfigure Client Access

To work with various client applications, you need to create virtual directories.

1. Set the mail domain:

   $MailDomain = "mail.yantoso.net"
   

2. ECP:

   Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -ExternalUrl "https://$MailDomain/ecp"
   

3. EWS:

   Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl "https://$MailDomain/ews/exchange.asmx"
   

4. Active Sync:

   Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl "https://$MailDomain/Microsoft-Server-ActiveSync"
   

5. OAB:

   Get-OabVirtualDirectory | Set-OabVirtualDirectory -ExternalUrl "https://$MailDomain/OAB"
   

6. OWA:

   Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -ExternalUrl "https://$MailDomain/owa"
   

7. PowerShell:

   Get-PowerShellVirtualDirectory | Set-PowerShellVirtualDirectory -ExternalUrl "https://$MailDomain/powershell"
   

8. MAPI:

   Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -ExternalUrl "https://$MailDomain/mapi"
   

Configure a network load balancerConfigure a network load balancer

It will distribute the load across the Exchange servers in various availability zones.

Configure accepted domains and the email address policyConfigure accepted domains and the email address policy

By default, the system creates a domain for you. If you need to change the domain, use this command:

New-AcceptedDomain -Name yantoso.net -DomainName yantoso.net

Edit the email address policy:

Get-EmailAddressPolicy | Set-EmailAddressPolicy -EnabledPrimarySMTPAddressTemplate '@yantoso.net'

All new mailboxes will automatically get an alias with the @yantoso.net domain.

Create a VM for Edge Transport serversCreate a VM for Edge Transport servers

The Edge Transport servers will take on the main user load, such as receiving emails from the internet, filtering out spam, and forwarding messages to internal Exchange mailbox servers.

Create a VM for the serverCreate a VM for the vm-edge-a server

Create a VM named vm-edge-a:

yc compute instance create \
  --name vm-edge-a \
  --hostname vm-edge-a \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-a \
  --network-interface subnet-name=exchange-subnet-a,nat-ip-version=ipv4 \
  --create-boot-disk size=50,image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Create a VM for the vm-edge-b serverCreate a VM for the vm-edge-b server

Create a VM named vm-edge-b:

yc compute instance create \
  --name vm-edge-b \
  --hostname vm-edge-b \
  --memory 8 \
  --cores 4 \
  --zone ru-central1-b \
  --network-interface subnet-name=exchange-subnet-b,nat-ip-version=ipv4 \
  --create-boot-disk size=50,image-folder-id=standard-images,image-family=windows-2016-gvlk \
  --metadata-from-file user-data=setpass

Configure Edge Transport serversConfigure Edge Transport servers

Configure the Edge Transport server in the ru-central1-a zoneConfigure the Edge Transport server in the ru-central1-a zone

1. Connect to fsw-vm through RDP.

2. Connect to vm-edge-a through RDP. Use Administrator as your username and enter your password. Launch PowerShell.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Install the ADLDS roles on the server:

   Install-WindowsFeature ADLDS
   

5. Configure the DNS client:

   Get-NetAdapter | `
       Set-DnsClientServerAddress -ServerAddresses "10.1.0.3,10.2.0.3"
   

6. Configure remote access to the distribution folder located on the fsw-vm server:

   $Credential = Get-Credential # Username: yantoso\Administrator
   
   New-PSDrive -Name 'fsw-vm' -PSProvider:FileSystem -Root '\\fsw-vm.ru-central1.internal\distrib' -Credential $Credential
   

   Enter yantoso\Administrator as your username and your password.

7. Install the dependencies:

   & fsw-vm:\vcredist_x64_2012.exe /install /passive /norestart
   & fsw-vm:\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart
   

8. Copy the Microsoft Exchange distribution kit to the vm-edge-a server:

   copy-item fsw-vm:\ExchangeServer2016-x64-cu13.iso c:\windows\temp\ExchangeServer2016-x64-cu13.iso
   

9. Specify the primary DNS suffix:

   $Suffix = 'ru-central1.internal'
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name Domain -Value $Suffix
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name 'NV Domain' -Value $Suffix
   

10. Restart the VM:

    Restart-Computer -Force
    

    Reconnect to vm-edge-a through RDP and run PowerShell.

11. Mount the Exchange Server distribution kit:

    Mount-DiskImage c:\windows\temp\ExchangeServer2016-x64-cu13.iso
    

12. Install Edge Transport Server on the vm-edge-a server:

    & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:EdgeTransport /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
    

Configure the Edge Transport server in the ru-central1-b zoneConfigure the Edge Transport server in the ru-central1-b zone

1. Connect to fsw-vm through RDP.

2. Connect to vm-edge-b through RDP. Use Administrator as your username and enter your password. Launch PowerShell.

3. Create a temporary folder:

   mkdir C:\Windows\temp
   

4. Install the ADLDS roles on the server:

   Install-WindowsFeature ADLDS
   

5. Configure the DNS client:

   Get-NetAdapter | `
       Set-DnsClientServerAddress -ServerAddresses "10.2.0.3,10.1.0.3"
   

6. Configure remote access to the distribution folder located on the fsw-vm server:

   $Credential = Get-Credential # Username: yantoso\Administrator
   
   New-PSDrive -Name 'fsw-vm' -PSProvider:FileSystem -Root '\\fsw-vm.ru-central1.internal\distrib' -Credential $Credential
   

   Enter yantoso\Administrator as your username and your password.

7. Install the dependencies:

   & fsw-vm:\vcredist_x64_2012.exe /install /passive /norestart
   & fsw-vm:\NDP472-KB4054530-x86-x64-AllOS-ENU.exe /install /passive /norestart
   

8. Copy the Microsoft Exchange distribution kit to the vm-edge-b server:

   copy-item fsw-vm:\ExchangeServer2016-x64-cu13.iso c:\windows\temp\ExchangeServer2016-x64-cu13.iso
   

9. Specify the primary DNS suffix:

   $Suffix = 'ru-central1.internal'
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name Domain -Value $Suffix
   
   Set-ItemProperty -path HKLM:\system\CurrentControlSet\Services\tcpip\parameters -Name 'NV Domain' -Value $Suffix
   

10. Restart the VM:

    Restart-Computer -Force
    

    Reconnect to vm-edge-b through RDP and run PowerShell.

11. Mount the Exchange Server distribution kit:

    Mount-DiskImage c:\windows\temp\ExchangeServer2016-x64-cu13.iso
    

12. Install Edge Transport Server on the vm-edge-b server:

    & D:\Setup.exe /Mode:Install /InstallWindowsComponents /Role:EdgeTransport /IAcceptExchangeServerLicenseTerms /OrganizationName:MyOrg
    

Add the Edge Transport servers to ExchangeAdd the Edge Transport servers to Exchange

Each Edge Transport server must subscribe to a site in its own availability zone.

Set up a subscription on the serverSet up a subscription on the vm-edge-a server

1. Create the subscribe folder:

   mkdir c:\subscribe
   

2. Run the Exchange Management Shell. Create a subscription file on the vm-edge-a server:

   New-EdgeSubscription -FileName "C:\subscribe\$(hostname).xml"
   

3. Copy the C:\subscribe\vm-edge-a.xml file to the vm-exchange-a server, to the C:\root\vm-edge-a.xml folder.

4. Log in to the vm-exchange-a server and run the Exchange Management Shell.

5. Subscribe the vm-edge-a Edge Transport servers to the ru-central1-a site:

   New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\root\vm-edge-a.xml" -Encoding Byte -ReadCount 0)) -Site "ru-central1-a"
   

6. Use this command to check the subscription:

   Get-EdgeSubscription
   

   Result:

   Name            Site                 Domain
   ----            ----                 ------
   vm-edge-a       yantoso.net/Confi... ru-central1.internal
   

7. Check the sync status:

   Test-EdgeSynchronization
   

   The SyncStatus parameter should change to Normal.

Set up a subscription on the vm-edge-b serverSet up a subscription on the vm-edge-b server

1. Create the subscribe folder:

   mkdir c:\subscribe
   

2. Run the Exchange Management Shell. Create a subscription file on the vm-edge-b server:

   New-EdgeSubscription -FileName "C:\subscribe\$(hostname).xml"
   

3. Copy the C:\subscribe\vm-edge-b.xml file to the vm-exchange-b server, to the C:\root\vm-edge-b.xml folder.

4. Log in to the vm-exchange-b server and run the Exchange Management Shell.

5. Subscribe the vm-edge-b Edge Transport servers to the ru-central1-b site:

   New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\root\vm-edge-b.xml" -Encoding Byte -ReadCount 0)) -Site "ru-central1-b"
   

6. Make sure the subscription was created using this command:

   Get-EdgeSubscription
   

   Result:

   Name            Site                 Domain
   ----            ----                 ------
   vm-edge-a       yantoso.net/Confi... ru-central1.internal
   vm-edge-b       yantoso.net/Confi... ru-central1.internal
   

7. Check the sync status:

   Test-EdgeSynchronization
   

   The SyncStatus parameter should change to Normal.

How to delete the resources you createdHow to delete the resources you created

To stop paying for the deployed servers, delete all VMs and the load balancer:

• fsw-vm
• ad-vm-a
• ad-vm-b
• vm-exchange-a
• vm-exchange-b
• vm-edge-a
• vm-edge-b
• exchange-lb load balancer