ACTIVE DIRECTORY<\/strong><\/h3>\nThere\u2019s two ways you can do this:<\/p>\n
\n- Set up Exchange and the required accounts in a standard Account Forest<\/li>\n
- Set up Exchange in a Resource Forest and active accounts in an Account Forest, connected via the required trusts with Linked Mailboxes<\/li>\n<\/ul>\n
Organisational Units<\/span><\/h3>\nFirst thing to do before you even attempt to run setup.exe to install Exchange is to make sure your Active Directory Organisational Unit (OU) structure is up to scratch. If your customers are going to be logging onto a root domain, you want to make sure the OU structure is segregated. You don\u2019t want customers A, B and C all located in an OU called \u201cUsers\u201d just because you were preoccupied with trying to finally crack the Magicians Code on Channel 10 and didn\u2019t create the proper OU structure, which results in your colleague trying to differentiate between who belongs to customer A, B or C 6 months\u2019 down the track.<\/p>\n
In a nutshell, if you\u2019re hosting all your customers under a root domain, you want them segregated in separate OUs to make your administration life easier, kind of like the artwork presented below (Good ol\u2019 Visio never disappoints!)<\/p>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/hambik_post_image007.png\")
<\/p>\n
Now, no one will think differently of you if you decide to create your OU structure directly from Active Directory Users and Computers, however, if you decide to create it through PowerShell, not only will you be deemed Superior by your colleagues, but you will automatically be upgraded to next level God Mode status.<\/p>\n
This is the part where you tell us what the commands are, right? What kind of blog post do you think this would be if I didn\u2019t!<\/p>\n
On your Domain Controller, launch PowerShell and run the following command to create the OU that will hold all the data (i.e. the parent OU):<\/p>\n
\n- New-ADOrganizationalUnit -Name \u201cHosted Customers\u201d Next, you want to create the child OUs within the parent OU to start segregating Customers A, B and C:<\/li>\n
- New-ADOrganizationalUnit -Name \u201cHosted Customers\u201d -Path \u201cOU=CompanyA,OU=Hosted Customers,DC=pureawesomeness,DC=com,DC=au\u201d<\/li>\n<\/ul>\n
User Principal Names<\/span><\/h3>\nNext, you\u2019ll want to start adding in the required UPN suffixes to the AD Forest so that your customers can log in using their desired UPNs (e.g. <\/span>user1@domain.com.au<\/a>). Referring back to on one of my previous blogs, <\/span>The Mother of All Cross Forest Migrations<\/a>, I was working in an Account\/Resource Forest scenario, so the UPNs weren\u2019t added in AD in the target forest as users were all authenticating with accounts in the source forest using Linked Mailboxes.<\/p>\nConfused yet? I\u2019ll try and simplify it for you here\u2026<\/p>\n
If you’re soon to be multi-tenant Exchange platform is going to reside in the same forest as your active accounts and you want your customers to log in with their own domain name, run the below command on the Domain Controller:<\/p>\n
\n- Set-ADForest -Identity \u201cYour local AD Domain\u201d -UPNSuffixes @{add=\u201ddomain.com.au\u201d}<\/li>\n<\/ul>\n
Next up, the all important installation of Exchange. I won\u2019t write about the installation process here but it\u2019s basically Next, Next, Next, finish Season 1 of Suits, make a cup of coffee, drink said cup of coffee, come back, reboot server and you\u2019re done! Well sort of\u2026then there\u2019s the basic configuration of the Exchange platform, which guess what, I\u2019ll outline for you in another blog post\u2026only if you subscribe to Insentragram. Oh, as if you didn\u2019t see that one coming ?<\/p>\n
Right, so Exchange installed, basic configuration done and now, the juicy part\u2026configuring the platform for multi-tenancy. Strap yourselves in!<\/p>\n
ADDRESS BOOK POLICY ROUTING AGENT<\/strong><\/h3>\nBasically, this bad boy tells the users on your Exchange platform which Global Address List they are only allowed to look up. If you don\u2019t want the users who reside in GAL1 to see GAL2 users as external contacts, install the Address Book Routing (ABR) Agent on the Exchange server. Don\u2019t forget to enable it after install. As if trying to say Address Book Policy Routing Agent wasn\u2019t hard enough, now you must not only install it, but enable it! You\u2019re probably panicking now thinking \u201che\u2019s not going to tell us how to do this!\u201d\u2026Take a few deep breaths and proceed to read and guess what\u2026it consists of PowerShell! (this is either a face palm or an Evan Almighty Happy Dance moment)<\/p>\n
\n- Launch the Exchange Management Shell and run the following \u2013<\/li>\n<\/ul>\n
Install-TransportAgent -Name \u201cABP Routing Agent\u201d -TransportAgentFactory \u201cMicrosoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.AddressBookPolicyRoutingAgentFactory\u201d -AssemblyPath $env:ExchangeInstallPathTransportRolesagentsAddressBookPolicyRoutingAgentMicrosoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.dll<\/span><\/p>\nNext, enable the Transport Routing agent:<\/p>\n
\n- Enable-TransportAgent \u201cABP Routing Agent\u201d<\/li>\n<\/ul>\n
Once done, restart the transport service and verify the ABP Routing agent has been installed:<\/p>\n
\n- Restart-Service MSExchangeTransport<\/li>\n
- Get-TransportAgent\n
\n- The ABP Routing Agent should be listed<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Final step is to enable the ABP Routing Agent<\/p>\n
\n- Set-TransportConfig -AddressBookPolicyRoutingEnabled $true<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/thebeaststhatismultitenancy_img_22.png\")
<\/p>\n
Now, quick checklist<\/p>\n
\n- Exchange installed \u2714<\/li>\n
- ABP Routing Agent installed \u2714<\/li>\n
- Cup of liquid gold consumed \u2714<\/li>\n<\/ul>\n
Proceed to the next phase of your training\u2026<\/p>\n
EMAIL ADDRESS POLICY<\/strong><\/h3>\nDon\u2019t worry, this can be done from the Exchange Admin Centre (I can almost hear you cheering with joy!)<\/p>\n
First thing you want to do is create a new Email Address Policy, so the accounts get assigned the correct email addresses because you know, assigning user1 at Company A with a Company B email address is not the greatest thing you could do.<\/p>\n
Log into your Exchange 2016 EAC and browse to Mail Flow \u2013 Email Address Policies and click on the + symbol<\/p>\n
\n- Give the policy a name that\u2019s easily distinguishable from the others\n
\n- Use abbreviations, acronyms, whatever you wish<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/thebeast-that-is-multi-tenancy_update_1.jpg\")
<\/p>\n
\n- Set the email address format and make sure you select the correct accepted domain\n
\n- g. alias<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\n- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/thebeast-that-is-multi-tenancy_update_2.jpg\")
<\/p>\n
\n- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/thebeast-that-is-multi-tenancy_update_3.jpg\")
<\/p>\n
\n- Next, click on Add a rule and from the drop down list, select Recipient Container and then select the OU you want to apply the policy to.<\/li>\n
- Click Save and BOOM! Email Address Policy created BUT (there\u2019s always a BUT), don\u2019t forget to apply it. By default, email address policies aren\u2019t applied. Administrators need to manually apply it (just in case you made a slight boo boo and applied it to the wrong OU!) So double check the settings of the policy before applying and read the prompts you\u2019re presented with! They\u2019re labelled Warning for a reason.<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/20\/2021\/02\/hambik_post_image003.png\")
<\/p>\n
You\u2019re on the home stretch now\u2026I promise\u2026maybe\u2026not really\u2026only joking\u2026but seriously\u2026HOME STRETCH!!<\/p>\n
ADDRESS LISTS AND POLICIES<\/strong><\/h3>\nBuckle up because there\u2019s 4523 PowerShell cmdlets to run and that\u2019s just for one customer! Feel free to scream if need be. I\u2019m all ears.<\/p>\n
First, we want to create a new Global Address List:<\/p>\n
\n- New-GlobalAddressList -Name \u201cGlobal Address List CompanyA\u201d -ConditionalCustomAttribute1 \u201cAttribute1\u201d -IncludedRecipients MailboxUsers,MailGroups,MailContacts -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
Few things to take note of:<\/p>\n
\n- Replace CompanyA with the customer you\u2019re creating the GAL for (e.g. CompanyB, CompanyC etc)<\/li>\n
- Make sure you enter the correct path for the OU as you want the GAL assigned to all recipients in that particular OU and not the wrong one!<\/li>\n
- CustomAttribute1 is what we\u2019re going to use to assign the policies correctly to the accounts so when the objects are created in Exchange and in AD, don\u2019t forget to assign the correct attribute<\/li>\n
- The value of CustomAttribute1 can be anything you want \u2013 just make sure it\u2019s different across all your customers (e.g. you don\u2019t want the same value for CompanyA assigned to objects in CompanyB)<\/li>\n<\/ul>\n
Next up, we want to create the Address Lists for Users, Contacts, Distribution Groups and Rooms:<\/p>\n
\n- New-AddressList -Name \u201cAll Rooms CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ResourcePropertiesDisplay -eq \u2018Equipment\u2019 -or ResourcePropertyDisplay -eq \u2018Room\u2019)\u201d -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Users CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018User\u2019)\u201d -RecipientContainer \u201d pureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Contacts CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018Contact\u2019)\u201d -RecipientContainer \u201d pureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Distribution Lists CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018Group\u2019)\u201d -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
Almost there\u2026<\/p>\n
Now, we need an Offline Address Book:<\/p>\n
\n- New-OfflineAddressBook -Name \u201cCompanyA\u201d -AddressLists \u201cGlobal Address List CompanyA\u201d\n
\n- Global Address List CompanyA is the name of the GAL you assigned in the very first step<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Finally, we create the Address Book Policy and assign all of the newly created Address Lists to it:<\/p>\n
\n- New-AddressBookPolicy -Name \u201cCompanyA Address Book Policy\u201d -AddressLists \u201cAll Users CompanyA\u201d,\u201dAll Distribution Lists CompanyA\u201d,\u201dAll Contacts CompanyA\u201d -RoomList \u201cAll Rooms CompanyA\u201d -OfflineAddressBook \u201cCompanyA\u201d -GlobalAddressList \u201cGlobal Address List CompanyA\u201d<\/li>\n<\/ul>\n
There you have it my loyal apprentice. Your Exchange Server 2016 deployment is now configured as a multi-tenant solution\u2026for only one customer! Don\u2019t forget to repeat the above for the other customers you bring on board, but with the required different values!<\/p>\n
See, there\u2019s a reason why the title of this blog is called The Beast That Is Multi-Tenancy!<\/p>\n
Until next time, signing off!<\/p>\n
Yours Truly,<\/p>\n
Pure Awesomeness<\/p>\n
\u201cYou want to be a writer, don\u2019t know how or when? Find a quiet place, use a humble pen\u201d \u2013 Paul Simon<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"Hi guys, yep it\u2019s me again\u2026the pure awesomeness that got you through the cross forest migrations. Just when you thought your cerebrum, you know, the large part of your brain that does all the thinking, had just been taken through its paces with trying to memorise cross forest migrations, along comes me again! This time… Continue reading The Beast That is Multi-Tenancy<\/span><\/a><\/p>\n","protected":false},"author":52,"featured_media":6580,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[22],"tags":[],"class_list":["post-1923","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-migrations","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/52"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=1923"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923\/revisions"}],"predecessor-version":[{"id":15749,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923\/revisions\/15749"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/6580"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=1923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=1923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=1923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Organisational Units<\/span><\/h3>\nFirst thing to do before you even attempt to run setup.exe to install Exchange is to make sure your Active Directory Organisational Unit (OU) structure is up to scratch. If your customers are going to be logging onto a root domain, you want to make sure the OU structure is segregated. You don\u2019t want customers A, B and C all located in an OU called \u201cUsers\u201d just because you were preoccupied with trying to finally crack the Magicians Code on Channel 10 and didn\u2019t create the proper OU structure, which results in your colleague trying to differentiate between who belongs to customer A, B or C 6 months\u2019 down the track.<\/p>\n
In a nutshell, if you\u2019re hosting all your customers under a root domain, you want them segregated in separate OUs to make your administration life easier, kind of like the artwork presented below (Good ol\u2019 Visio never disappoints!)<\/p>\n
<\/p>\n
Now, no one will think differently of you if you decide to create your OU structure directly from Active Directory Users and Computers, however, if you decide to create it through PowerShell, not only will you be deemed Superior by your colleagues, but you will automatically be upgraded to next level God Mode status.<\/p>\n
This is the part where you tell us what the commands are, right? What kind of blog post do you think this would be if I didn\u2019t!<\/p>\n
On your Domain Controller, launch PowerShell and run the following command to create the OU that will hold all the data (i.e. the parent OU):<\/p>\n
\n- New-ADOrganizationalUnit -Name \u201cHosted Customers\u201d Next, you want to create the child OUs within the parent OU to start segregating Customers A, B and C:<\/li>\n
- New-ADOrganizationalUnit -Name \u201cHosted Customers\u201d -Path \u201cOU=CompanyA,OU=Hosted Customers,DC=pureawesomeness,DC=com,DC=au\u201d<\/li>\n<\/ul>\n
User Principal Names<\/span><\/h3>\nNext, you\u2019ll want to start adding in the required UPN suffixes to the AD Forest so that your customers can log in using their desired UPNs (e.g. <\/span>user1@domain.com.au<\/a>). Referring back to on one of my previous blogs, <\/span>The Mother of All Cross Forest Migrations<\/a>, I was working in an Account\/Resource Forest scenario, so the UPNs weren\u2019t added in AD in the target forest as users were all authenticating with accounts in the source forest using Linked Mailboxes.<\/p>\nConfused yet? I\u2019ll try and simplify it for you here\u2026<\/p>\n
If you’re soon to be multi-tenant Exchange platform is going to reside in the same forest as your active accounts and you want your customers to log in with their own domain name, run the below command on the Domain Controller:<\/p>\n
\n- Set-ADForest -Identity \u201cYour local AD Domain\u201d -UPNSuffixes @{add=\u201ddomain.com.au\u201d}<\/li>\n<\/ul>\n
Next up, the all important installation of Exchange. I won\u2019t write about the installation process here but it\u2019s basically Next, Next, Next, finish Season 1 of Suits, make a cup of coffee, drink said cup of coffee, come back, reboot server and you\u2019re done! Well sort of\u2026then there\u2019s the basic configuration of the Exchange platform, which guess what, I\u2019ll outline for you in another blog post\u2026only if you subscribe to Insentragram. Oh, as if you didn\u2019t see that one coming ?<\/p>\n
Right, so Exchange installed, basic configuration done and now, the juicy part\u2026configuring the platform for multi-tenancy. Strap yourselves in!<\/p>\n
ADDRESS BOOK POLICY ROUTING AGENT<\/strong><\/h3>\nBasically, this bad boy tells the users on your Exchange platform which Global Address List they are only allowed to look up. If you don\u2019t want the users who reside in GAL1 to see GAL2 users as external contacts, install the Address Book Routing (ABR) Agent on the Exchange server. Don\u2019t forget to enable it after install. As if trying to say Address Book Policy Routing Agent wasn\u2019t hard enough, now you must not only install it, but enable it! You\u2019re probably panicking now thinking \u201che\u2019s not going to tell us how to do this!\u201d\u2026Take a few deep breaths and proceed to read and guess what\u2026it consists of PowerShell! (this is either a face palm or an Evan Almighty Happy Dance moment)<\/p>\n
\n- Launch the Exchange Management Shell and run the following \u2013<\/li>\n<\/ul>\n
Install-TransportAgent -Name \u201cABP Routing Agent\u201d -TransportAgentFactory \u201cMicrosoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.AddressBookPolicyRoutingAgentFactory\u201d -AssemblyPath $env:ExchangeInstallPathTransportRolesagentsAddressBookPolicyRoutingAgentMicrosoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.dll<\/span><\/p>\nNext, enable the Transport Routing agent:<\/p>\n
\n- Enable-TransportAgent \u201cABP Routing Agent\u201d<\/li>\n<\/ul>\n
Once done, restart the transport service and verify the ABP Routing agent has been installed:<\/p>\n
\n- Restart-Service MSExchangeTransport<\/li>\n
- Get-TransportAgent\n
\n- The ABP Routing Agent should be listed<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Final step is to enable the ABP Routing Agent<\/p>\n
\n- Set-TransportConfig -AddressBookPolicyRoutingEnabled $true<\/li>\n<\/ul>\n
<\/p>\n
Now, quick checklist<\/p>\n
\n- Exchange installed \u2714<\/li>\n
- ABP Routing Agent installed \u2714<\/li>\n
- Cup of liquid gold consumed \u2714<\/li>\n<\/ul>\n
Proceed to the next phase of your training\u2026<\/p>\n
EMAIL ADDRESS POLICY<\/strong><\/h3>\nDon\u2019t worry, this can be done from the Exchange Admin Centre (I can almost hear you cheering with joy!)<\/p>\n
First thing you want to do is create a new Email Address Policy, so the accounts get assigned the correct email addresses because you know, assigning user1 at Company A with a Company B email address is not the greatest thing you could do.<\/p>\n
Log into your Exchange 2016 EAC and browse to Mail Flow \u2013 Email Address Policies and click on the + symbol<\/p>\n
\n- Give the policy a name that\u2019s easily distinguishable from the others\n
\n- Use abbreviations, acronyms, whatever you wish<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
\n- Set the email address format and make sure you select the correct accepted domain\n
\n- g. alias<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\n- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n
<\/p>\n
\n- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n
<\/p>\n
\n- Next, click on Add a rule and from the drop down list, select Recipient Container and then select the OU you want to apply the policy to.<\/li>\n
- Click Save and BOOM! Email Address Policy created BUT (there\u2019s always a BUT), don\u2019t forget to apply it. By default, email address policies aren\u2019t applied. Administrators need to manually apply it (just in case you made a slight boo boo and applied it to the wrong OU!) So double check the settings of the policy before applying and read the prompts you\u2019re presented with! They\u2019re labelled Warning for a reason.<\/li>\n<\/ul>\n
<\/p>\n
You\u2019re on the home stretch now\u2026I promise\u2026maybe\u2026not really\u2026only joking\u2026but seriously\u2026HOME STRETCH!!<\/p>\n
ADDRESS LISTS AND POLICIES<\/strong><\/h3>\nBuckle up because there\u2019s 4523 PowerShell cmdlets to run and that\u2019s just for one customer! Feel free to scream if need be. I\u2019m all ears.<\/p>\n
First, we want to create a new Global Address List:<\/p>\n
\n- New-GlobalAddressList -Name \u201cGlobal Address List CompanyA\u201d -ConditionalCustomAttribute1 \u201cAttribute1\u201d -IncludedRecipients MailboxUsers,MailGroups,MailContacts -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
Few things to take note of:<\/p>\n
\n- Replace CompanyA with the customer you\u2019re creating the GAL for (e.g. CompanyB, CompanyC etc)<\/li>\n
- Make sure you enter the correct path for the OU as you want the GAL assigned to all recipients in that particular OU and not the wrong one!<\/li>\n
- CustomAttribute1 is what we\u2019re going to use to assign the policies correctly to the accounts so when the objects are created in Exchange and in AD, don\u2019t forget to assign the correct attribute<\/li>\n
- The value of CustomAttribute1 can be anything you want \u2013 just make sure it\u2019s different across all your customers (e.g. you don\u2019t want the same value for CompanyA assigned to objects in CompanyB)<\/li>\n<\/ul>\n
Next up, we want to create the Address Lists for Users, Contacts, Distribution Groups and Rooms:<\/p>\n
\n- New-AddressList -Name \u201cAll Rooms CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ResourcePropertiesDisplay -eq \u2018Equipment\u2019 -or ResourcePropertyDisplay -eq \u2018Room\u2019)\u201d -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Users CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018User\u2019)\u201d -RecipientContainer \u201d pureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Contacts CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018Contact\u2019)\u201d -RecipientContainer \u201d pureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Distribution Lists CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018Group\u2019)\u201d -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
Almost there\u2026<\/p>\n
Now, we need an Offline Address Book:<\/p>\n
\n- New-OfflineAddressBook -Name \u201cCompanyA\u201d -AddressLists \u201cGlobal Address List CompanyA\u201d\n
\n- Global Address List CompanyA is the name of the GAL you assigned in the very first step<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Finally, we create the Address Book Policy and assign all of the newly created Address Lists to it:<\/p>\n
\n- New-AddressBookPolicy -Name \u201cCompanyA Address Book Policy\u201d -AddressLists \u201cAll Users CompanyA\u201d,\u201dAll Distribution Lists CompanyA\u201d,\u201dAll Contacts CompanyA\u201d -RoomList \u201cAll Rooms CompanyA\u201d -OfflineAddressBook \u201cCompanyA\u201d -GlobalAddressList \u201cGlobal Address List CompanyA\u201d<\/li>\n<\/ul>\n
There you have it my loyal apprentice. Your Exchange Server 2016 deployment is now configured as a multi-tenant solution\u2026for only one customer! Don\u2019t forget to repeat the above for the other customers you bring on board, but with the required different values!<\/p>\n
See, there\u2019s a reason why the title of this blog is called The Beast That Is Multi-Tenancy!<\/p>\n
Until next time, signing off!<\/p>\n
Yours Truly,<\/p>\n
Pure Awesomeness<\/p>\n
\u201cYou want to be a writer, don\u2019t know how or when? Find a quiet place, use a humble pen\u201d \u2013 Paul Simon<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"Hi guys, yep it\u2019s me again\u2026the pure awesomeness that got you through the cross forest migrations. Just when you thought your cerebrum, you know, the large part of your brain that does all the thinking, had just been taken through its paces with trying to memorise cross forest migrations, along comes me again! This time… Continue reading The Beast That is Multi-Tenancy<\/span><\/a><\/p>\n","protected":false},"author":52,"featured_media":6580,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[22],"tags":[],"class_list":["post-1923","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-migrations","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/52"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=1923"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923\/revisions"}],"predecessor-version":[{"id":15749,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923\/revisions\/15749"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/6580"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=1923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=1923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=1923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/p>\nUser Principal Names<\/span><\/h3>\nNext, you\u2019ll want to start adding in the required UPN suffixes to the AD Forest so that your customers can log in using their desired UPNs (e.g. <\/span>user1@domain.com.au<\/a>). Referring back to on one of my previous blogs, <\/span>The Mother of All Cross Forest Migrations<\/a>, I was working in an Account\/Resource Forest scenario, so the UPNs weren\u2019t added in AD in the target forest as users were all authenticating with accounts in the source forest using Linked Mailboxes.<\/p>\nConfused yet? I\u2019ll try and simplify it for you here\u2026<\/p>\n
If you’re soon to be multi-tenant Exchange platform is going to reside in the same forest as your active accounts and you want your customers to log in with their own domain name, run the below command on the Domain Controller:<\/p>\n
\n- Set-ADForest -Identity \u201cYour local AD Domain\u201d -UPNSuffixes @{add=\u201ddomain.com.au\u201d}<\/li>\n<\/ul>\n
Next up, the all important installation of Exchange. I won\u2019t write about the installation process here but it\u2019s basically Next, Next, Next, finish Season 1 of Suits, make a cup of coffee, drink said cup of coffee, come back, reboot server and you\u2019re done! Well sort of\u2026then there\u2019s the basic configuration of the Exchange platform, which guess what, I\u2019ll outline for you in another blog post\u2026only if you subscribe to Insentragram. Oh, as if you didn\u2019t see that one coming ?<\/p>\n
Right, so Exchange installed, basic configuration done and now, the juicy part\u2026configuring the platform for multi-tenancy. Strap yourselves in!<\/p>\n
ADDRESS BOOK POLICY ROUTING AGENT<\/strong><\/h3>\nBasically, this bad boy tells the users on your Exchange platform which Global Address List they are only allowed to look up. If you don\u2019t want the users who reside in GAL1 to see GAL2 users as external contacts, install the Address Book Routing (ABR) Agent on the Exchange server. Don\u2019t forget to enable it after install. As if trying to say Address Book Policy Routing Agent wasn\u2019t hard enough, now you must not only install it, but enable it! You\u2019re probably panicking now thinking \u201che\u2019s not going to tell us how to do this!\u201d\u2026Take a few deep breaths and proceed to read and guess what\u2026it consists of PowerShell! (this is either a face palm or an Evan Almighty Happy Dance moment)<\/p>\n
\n- Launch the Exchange Management Shell and run the following \u2013<\/li>\n<\/ul>\n
Install-TransportAgent -Name \u201cABP Routing Agent\u201d -TransportAgentFactory \u201cMicrosoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.AddressBookPolicyRoutingAgentFactory\u201d -AssemblyPath $env:ExchangeInstallPathTransportRolesagentsAddressBookPolicyRoutingAgentMicrosoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.dll<\/span><\/p>\nNext, enable the Transport Routing agent:<\/p>\n
\n- Enable-TransportAgent \u201cABP Routing Agent\u201d<\/li>\n<\/ul>\n
Once done, restart the transport service and verify the ABP Routing agent has been installed:<\/p>\n
\n- Restart-Service MSExchangeTransport<\/li>\n
- Get-TransportAgent\n
\n- The ABP Routing Agent should be listed<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Final step is to enable the ABP Routing Agent<\/p>\n
\n- Set-TransportConfig -AddressBookPolicyRoutingEnabled $true<\/li>\n<\/ul>\n
<\/p>\n
Now, quick checklist<\/p>\n
\n- Exchange installed \u2714<\/li>\n
- ABP Routing Agent installed \u2714<\/li>\n
- Cup of liquid gold consumed \u2714<\/li>\n<\/ul>\n
Proceed to the next phase of your training\u2026<\/p>\n
EMAIL ADDRESS POLICY<\/strong><\/h3>\nDon\u2019t worry, this can be done from the Exchange Admin Centre (I can almost hear you cheering with joy!)<\/p>\n
First thing you want to do is create a new Email Address Policy, so the accounts get assigned the correct email addresses because you know, assigning user1 at Company A with a Company B email address is not the greatest thing you could do.<\/p>\n
Log into your Exchange 2016 EAC and browse to Mail Flow \u2013 Email Address Policies and click on the + symbol<\/p>\n
\n- Give the policy a name that\u2019s easily distinguishable from the others\n
\n- Use abbreviations, acronyms, whatever you wish<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
\n- Set the email address format and make sure you select the correct accepted domain\n
\n- g. alias<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
\n- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n
<\/p>\n
\n- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n
<\/p>\n
\n- Next, click on Add a rule and from the drop down list, select Recipient Container and then select the OU you want to apply the policy to.<\/li>\n
- Click Save and BOOM! Email Address Policy created BUT (there\u2019s always a BUT), don\u2019t forget to apply it. By default, email address policies aren\u2019t applied. Administrators need to manually apply it (just in case you made a slight boo boo and applied it to the wrong OU!) So double check the settings of the policy before applying and read the prompts you\u2019re presented with! They\u2019re labelled Warning for a reason.<\/li>\n<\/ul>\n
<\/p>\n
You\u2019re on the home stretch now\u2026I promise\u2026maybe\u2026not really\u2026only joking\u2026but seriously\u2026HOME STRETCH!!<\/p>\n
ADDRESS LISTS AND POLICIES<\/strong><\/h3>\nBuckle up because there\u2019s 4523 PowerShell cmdlets to run and that\u2019s just for one customer! Feel free to scream if need be. I\u2019m all ears.<\/p>\n
First, we want to create a new Global Address List:<\/p>\n
\n- New-GlobalAddressList -Name \u201cGlobal Address List CompanyA\u201d -ConditionalCustomAttribute1 \u201cAttribute1\u201d -IncludedRecipients MailboxUsers,MailGroups,MailContacts -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
Few things to take note of:<\/p>\n
\n- Replace CompanyA with the customer you\u2019re creating the GAL for (e.g. CompanyB, CompanyC etc)<\/li>\n
- Make sure you enter the correct path for the OU as you want the GAL assigned to all recipients in that particular OU and not the wrong one!<\/li>\n
- CustomAttribute1 is what we\u2019re going to use to assign the policies correctly to the accounts so when the objects are created in Exchange and in AD, don\u2019t forget to assign the correct attribute<\/li>\n
- The value of CustomAttribute1 can be anything you want \u2013 just make sure it\u2019s different across all your customers (e.g. you don\u2019t want the same value for CompanyA assigned to objects in CompanyB)<\/li>\n<\/ul>\n
Next up, we want to create the Address Lists for Users, Contacts, Distribution Groups and Rooms:<\/p>\n
\n- New-AddressList -Name \u201cAll Rooms CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ResourcePropertiesDisplay -eq \u2018Equipment\u2019 -or ResourcePropertyDisplay -eq \u2018Room\u2019)\u201d -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Users CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018User\u2019)\u201d -RecipientContainer \u201d pureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Contacts CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018Contact\u2019)\u201d -RecipientContainer \u201d pureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Distribution Lists CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018Group\u2019)\u201d -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
Almost there\u2026<\/p>\n
Now, we need an Offline Address Book:<\/p>\n
\n- New-OfflineAddressBook -Name \u201cCompanyA\u201d -AddressLists \u201cGlobal Address List CompanyA\u201d\n
\n- Global Address List CompanyA is the name of the GAL you assigned in the very first step<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Finally, we create the Address Book Policy and assign all of the newly created Address Lists to it:<\/p>\n
\n- New-AddressBookPolicy -Name \u201cCompanyA Address Book Policy\u201d -AddressLists \u201cAll Users CompanyA\u201d,\u201dAll Distribution Lists CompanyA\u201d,\u201dAll Contacts CompanyA\u201d -RoomList \u201cAll Rooms CompanyA\u201d -OfflineAddressBook \u201cCompanyA\u201d -GlobalAddressList \u201cGlobal Address List CompanyA\u201d<\/li>\n<\/ul>\n
There you have it my loyal apprentice. Your Exchange Server 2016 deployment is now configured as a multi-tenant solution\u2026for only one customer! Don\u2019t forget to repeat the above for the other customers you bring on board, but with the required different values!<\/p>\n
See, there\u2019s a reason why the title of this blog is called The Beast That Is Multi-Tenancy!<\/p>\n
Until next time, signing off!<\/p>\n
Yours Truly,<\/p>\n
Pure Awesomeness<\/p>\n
\u201cYou want to be a writer, don\u2019t know how or when? Find a quiet place, use a humble pen\u201d \u2013 Paul Simon<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"Hi guys, yep it\u2019s me again\u2026the pure awesomeness that got you through the cross forest migrations. Just when you thought your cerebrum, you know, the large part of your brain that does all the thinking, had just been taken through its paces with trying to memorise cross forest migrations, along comes me again! This time… Continue reading The Beast That is Multi-Tenancy<\/span><\/a><\/p>\n","protected":false},"author":52,"featured_media":6580,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[22],"tags":[],"class_list":["post-1923","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-migrations","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/52"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=1923"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923\/revisions"}],"predecessor-version":[{"id":15749,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923\/revisions\/15749"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/6580"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=1923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=1923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=1923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Confused yet? I\u2019ll try and simplify it for you here\u2026<\/p>\n
If you’re soon to be multi-tenant Exchange platform is going to reside in the same forest as your active accounts and you want your customers to log in with their own domain name, run the below command on the Domain Controller:<\/p>\n
- \n
- Set-ADForest -Identity \u201cYour local AD Domain\u201d -UPNSuffixes @{add=\u201ddomain.com.au\u201d}<\/li>\n<\/ul>\n
Next up, the all important installation of Exchange. I won\u2019t write about the installation process here but it\u2019s basically Next, Next, Next, finish Season 1 of Suits, make a cup of coffee, drink said cup of coffee, come back, reboot server and you\u2019re done! Well sort of\u2026then there\u2019s the basic configuration of the Exchange platform, which guess what, I\u2019ll outline for you in another blog post\u2026only if you subscribe to Insentragram. Oh, as if you didn\u2019t see that one coming ?<\/p>\n
Right, so Exchange installed, basic configuration done and now, the juicy part\u2026configuring the platform for multi-tenancy. Strap yourselves in!<\/p>\n
ADDRESS BOOK POLICY ROUTING AGENT<\/strong><\/h3>\n
Basically, this bad boy tells the users on your Exchange platform which Global Address List they are only allowed to look up. If you don\u2019t want the users who reside in GAL1 to see GAL2 users as external contacts, install the Address Book Routing (ABR) Agent on the Exchange server. Don\u2019t forget to enable it after install. As if trying to say Address Book Policy Routing Agent wasn\u2019t hard enough, now you must not only install it, but enable it! You\u2019re probably panicking now thinking \u201che\u2019s not going to tell us how to do this!\u201d\u2026Take a few deep breaths and proceed to read and guess what\u2026it consists of PowerShell! (this is either a face palm or an Evan Almighty Happy Dance moment)<\/p>\n
- \n
- Launch the Exchange Management Shell and run the following \u2013<\/li>\n<\/ul>\n
Install-TransportAgent -Name \u201cABP Routing Agent\u201d -TransportAgentFactory \u201cMicrosoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.AddressBookPolicyRoutingAgentFactory\u201d -AssemblyPath $env:ExchangeInstallPathTransportRolesagentsAddressBookPolicyRoutingAgentMicrosoft.Exchange.Transport.Agent.AddressBookPolicyRoutingAgent.dll<\/span><\/p>\n
Next, enable the Transport Routing agent:<\/p>\n
- \n
- Enable-TransportAgent \u201cABP Routing Agent\u201d<\/li>\n<\/ul>\n
Once done, restart the transport service and verify the ABP Routing agent has been installed:<\/p>\n
- \n
- Restart-Service MSExchangeTransport<\/li>\n
- Get-TransportAgent\n
- \n
- The ABP Routing Agent should be listed<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Final step is to enable the ABP Routing Agent<\/p>\n
- \n
- Set-TransportConfig -AddressBookPolicyRoutingEnabled $true<\/li>\n<\/ul>\n<\/p>\n
Now, quick checklist<\/p>\n
- \n
- Exchange installed \u2714<\/li>\n
- ABP Routing Agent installed \u2714<\/li>\n
- Cup of liquid gold consumed \u2714<\/li>\n<\/ul>\n
Proceed to the next phase of your training\u2026<\/p>\n
EMAIL ADDRESS POLICY<\/strong><\/h3>\n
Don\u2019t worry, this can be done from the Exchange Admin Centre (I can almost hear you cheering with joy!)<\/p>\n
First thing you want to do is create a new Email Address Policy, so the accounts get assigned the correct email addresses because you know, assigning user1 at Company A with a Company B email address is not the greatest thing you could do.<\/p>\n
Log into your Exchange 2016 EAC and browse to Mail Flow \u2013 Email Address Policies and click on the + symbol<\/p>\n
- \n
- Give the policy a name that\u2019s easily distinguishable from the others\n
- \n
- Use abbreviations, acronyms, whatever you wish<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/p>\n
- \n
- Set the email address format and make sure you select the correct accepted domain\n
- \n
- g. alias<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
- \n
- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n<\/p>\n
- \n
- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n<\/p>\n
- \n
- Next, click on Add a rule and from the drop down list, select Recipient Container and then select the OU you want to apply the policy to.<\/li>\n
- Click Save and BOOM! Email Address Policy created BUT (there\u2019s always a BUT), don\u2019t forget to apply it. By default, email address policies aren\u2019t applied. Administrators need to manually apply it (just in case you made a slight boo boo and applied it to the wrong OU!) So double check the settings of the policy before applying and read the prompts you\u2019re presented with! They\u2019re labelled Warning for a reason.<\/li>\n<\/ul>\n<\/p>\n
You\u2019re on the home stretch now\u2026I promise\u2026maybe\u2026not really\u2026only joking\u2026but seriously\u2026HOME STRETCH!!<\/p>\n
ADDRESS LISTS AND POLICIES<\/strong><\/h3>\n
Buckle up because there\u2019s 4523 PowerShell cmdlets to run and that\u2019s just for one customer! Feel free to scream if need be. I\u2019m all ears.<\/p>\n
First, we want to create a new Global Address List:<\/p>\n
- \n
- New-GlobalAddressList -Name \u201cGlobal Address List CompanyA\u201d -ConditionalCustomAttribute1 \u201cAttribute1\u201d -IncludedRecipients MailboxUsers,MailGroups,MailContacts -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
Few things to take note of:<\/p>\n
- \n
- Replace CompanyA with the customer you\u2019re creating the GAL for (e.g. CompanyB, CompanyC etc)<\/li>\n
- Make sure you enter the correct path for the OU as you want the GAL assigned to all recipients in that particular OU and not the wrong one!<\/li>\n
- CustomAttribute1 is what we\u2019re going to use to assign the policies correctly to the accounts so when the objects are created in Exchange and in AD, don\u2019t forget to assign the correct attribute<\/li>\n
- The value of CustomAttribute1 can be anything you want \u2013 just make sure it\u2019s different across all your customers (e.g. you don\u2019t want the same value for CompanyA assigned to objects in CompanyB)<\/li>\n<\/ul>\n
Next up, we want to create the Address Lists for Users, Contacts, Distribution Groups and Rooms:<\/p>\n
- \n
- New-AddressList -Name \u201cAll Rooms CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ResourcePropertiesDisplay -eq \u2018Equipment\u2019 -or ResourcePropertyDisplay -eq \u2018Room\u2019)\u201d -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Users CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018User\u2019)\u201d -RecipientContainer \u201d pureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Contacts CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018Contact\u2019)\u201d -RecipientContainer \u201d pureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n
- New-AddressList -Name \u201cAll Distribution Lists CompanyA\u201d -RecipientFilter \u201c(CustomAttribute1 -eq \u2018Attribute1\u2019) -and (ObjectClass -eq \u2018Group\u2019)\u201d -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
Almost there\u2026<\/p>\n
Now, we need an Offline Address Book:<\/p>\n
- \n
- New-OfflineAddressBook -Name \u201cCompanyA\u201d -AddressLists \u201cGlobal Address List CompanyA\u201d\n
- \n
- Global Address List CompanyA is the name of the GAL you assigned in the very first step<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Finally, we create the Address Book Policy and assign all of the newly created Address Lists to it:<\/p>\n
- \n
- New-AddressBookPolicy -Name \u201cCompanyA Address Book Policy\u201d -AddressLists \u201cAll Users CompanyA\u201d,\u201dAll Distribution Lists CompanyA\u201d,\u201dAll Contacts CompanyA\u201d -RoomList \u201cAll Rooms CompanyA\u201d -OfflineAddressBook \u201cCompanyA\u201d -GlobalAddressList \u201cGlobal Address List CompanyA\u201d<\/li>\n<\/ul>\n
There you have it my loyal apprentice. Your Exchange Server 2016 deployment is now configured as a multi-tenant solution\u2026for only one customer! Don\u2019t forget to repeat the above for the other customers you bring on board, but with the required different values!<\/p>\n
See, there\u2019s a reason why the title of this blog is called The Beast That Is Multi-Tenancy!<\/p>\n
Until next time, signing off!<\/p>\n
Yours Truly,<\/p>\n
Pure Awesomeness<\/p>\n
\u201cYou want to be a writer, don\u2019t know how or when? Find a quiet place, use a humble pen\u201d \u2013 Paul Simon<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"
Hi guys, yep it\u2019s me again\u2026the pure awesomeness that got you through the cross forest migrations. Just when you thought your cerebrum, you know, the large part of your brain that does all the thinking, had just been taken through its paces with trying to memorise cross forest migrations, along comes me again! This time… Continue reading The Beast That is Multi-Tenancy<\/span><\/a><\/p>\n","protected":false},"author":52,"featured_media":6580,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[22],"tags":[],"class_list":["post-1923","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-migrations","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/users\/52"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/comments?post=1923"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923\/revisions"}],"predecessor-version":[{"id":15749,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/posts\/1923\/revisions\/15749"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media\/6580"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/media?parent=1923"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/categories?post=1923"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/gb\/wp-json\/wp\/v2\/tags?post=1923"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- New-AddressBookPolicy -Name \u201cCompanyA Address Book Policy\u201d -AddressLists \u201cAll Users CompanyA\u201d,\u201dAll Distribution Lists CompanyA\u201d,\u201dAll Contacts CompanyA\u201d -RoomList \u201cAll Rooms CompanyA\u201d -OfflineAddressBook \u201cCompanyA\u201d -GlobalAddressList \u201cGlobal Address List CompanyA\u201d<\/li>\n<\/ul>\n
- Global Address List CompanyA is the name of the GAL you assigned in the very first step<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
- New-OfflineAddressBook -Name \u201cCompanyA\u201d -AddressLists \u201cGlobal Address List CompanyA\u201d\n
- New-GlobalAddressList -Name \u201cGlobal Address List CompanyA\u201d -ConditionalCustomAttribute1 \u201cAttribute1\u201d -IncludedRecipients MailboxUsers,MailGroups,MailContacts -RecipientContainer \u201cpureawesomeness.com.au\/Hosted Customers\/CompanyA\u201d<\/li>\n<\/ul>\n
- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n
- Make sure types of recipients is set as All recipient types (unless there\u2019s a specific reason you don\u2019t want the policy applied to all types)<\/li>\n<\/ul>\n
- g. alias<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
- Set the email address format and make sure you select the correct accepted domain\n
- Use abbreviations, acronyms, whatever you wish<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
- Give the policy a name that\u2019s easily distinguishable from the others\n
- Set-TransportConfig -AddressBookPolicyRoutingEnabled $true<\/li>\n<\/ul>\n
- The ABP Routing Agent should be listed<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
- Enable-TransportAgent \u201cABP Routing Agent\u201d<\/li>\n<\/ul>\n
- Launch the Exchange Management Shell and run the following \u2013<\/li>\n<\/ul>\n