Solved

Want to Use Exchange Server - How to get started

Posted on 2010-08-26
Last Modified: 2012-05-10
I have a small office that has been using Icewarp mail server.
It has been spotty at best, due to either the software or hardware we have or both.

We only have 25 users and only a few are heavy users, so the requirements aren't tremendous but reliability and availability is a MUST.  Our current configuration just isn't working.

So we want to get better hardware and run Exchange 2010.

My office is small, we do not run Active Directory, DNS or anything else.
Just regular 2003 webservers and fileservers in a peer-to-peer environment all behind a simple firewall.


So I need to know how to get started in all of this, I really don't know what AD is or what it entails or how it will change my organization but I know it is required for Exchange 2010 to run.

Can someone help me in figuring out just what I need to do to run Exchange in my simple office network? Can I run it all virtually, can I run AD, DNS and Exchange on the same server?  I am just so clueless.
0
Question by:EGormly
26 Comments
 
LVL 6

Expert Comment

by:Elwin3
ID: 33531330
Ok there are 2 main routes here:

1 - Buy Windows Small Business Server 2008 - this runs on a single server and is everything in one box. This is ideal for a business of up to 75 users and is less expensive than buying the full products (Windows 2008, Exchange etc). However, Small Business Server 2008 only includes Exchange 2007 so you will not get 2010. But that's probably the best option. Also loads of tools to set up more easily out of the box.

2 - Buy 2 or more servers (or 1 big one and virtualise it!) and run Windows Server 2008 Standard on one server as an Active Directory Domain Controller and DNS server. The second server would run Windows Server 2008 with Exchange 2010 on top. Licenses and hardware are more expensive this way and more complicated to set up.

Why 2 or more servers? - It is not recommended by Microsoft to run Exchange and Active Directory Domain Controller on the same server.

Get a local Microsoft Small Business Specialist to advise you.
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 33531336
Active Directory is required for Exchange.
What I recommend on the basis of your requirement is SMALL BUSINESS SERVER 2008,
which gives you all of the following services from a single server:

http://www.microsoft.com/sbs/en/us/compare-features.aspx

Further, there are two options with SBS:
Premium or Standard.

As you do not use SQL I think Standard will work for you... however if you want to use SQL later
you might want to consider Premium.


Thank you
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33531347
Ok - I have personal experience of Ice Warp and whilst it has its place in small organisations it soon starts to grind to a halt when put under load.

Active Directory is, quite literally, a directory of resources in your network - users, computers, domain controllers etc.

You need Active Directory to run Exchange.

Depending on your budget, you could invest in and run Small Business Server which would give you everything you require on a single box. Obviously, you require a server to install it onto and you need to be aware that there are limits to the number of users it will support (though I'm unsure off-hand what those limits are).

Or, you can run all that virtually - most likely on a single server. You can get a hypervisor (the bit that allows you to run virtual machines) from VMware for free.

Although, from personal experience I can recommend something like a pair of HP ProLiant ML350 G6 (as were available at the time) servers, with VSphere Essentials Plus and a Thecus N7700 or N7700 Pro.

I configured a similar set up as that for a small company earlier this year and I was incredibly surprised at how well the Thecus boxes perform as iSCSI devices (don't fear this, it is just SCSI that gets sent over the network).

However you look at this, the company you work for will have to invest in hardware and licenses (each virtual machine, for example requires a server license and CAL's or you have to pay for Small Business Server).

I suspect that it might actually be more cost effective for you to consider a hosted Exchange solution - the more complex and costly tasks are handled for you and you don't have to worry about backup etc.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33531386
I have to point out here too, that if you run Active Directory on a single server (whether it is physical or virtual) you MUST make sure it is properly backed up. Otherwise if you lose the server it's on you have to start again from scratch.
0
 

Author Comment

by:EGormly
ID: 33531441
Will running active directory on a new SBS server do anything to my existing network? will it screw it up?
0
 

Author Comment

by:EGormly
ID: 33531460
I forgot to mention, I have a licensed Windows Server 2008 from our action pack, can that run all of this on one server? AD, DNS and Exchange?
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 33531509
You can join the existing servers to the SBS AD domain, and the DNS can be in the SBS itself.
0
 
LVL 2

Expert Comment

by:panman3
ID: 33531561
Installation:
-------------

- install Windows Server 2008 R2
- you actually need AD to support Exchange, and this will benefit you later as you can also integrate all your fileservers in it with a much easier and centralised user-rights-management.
- AD-services can be added as a role in a next-next-finish wizard so not too difficult
- you can then create your first (admin) users in administrative tools - AD users and computers
- install a second server and make it a secondary domain controller (same procedure but you have to choose to add it as a new DC to an existing domain) => you ALWAYS need a backup server; if a single-instance-AD-server crashes then you lose everything (need difficult restore procedures from backup tapes).
- install a third server with exchange 2010. You can choose to install all Exchange roles on 1 machine.
- you then need to add users to AD and create mailboxes in Exchange for these users
- finally you need a publishing method through your firewall to allow SMTP traffic and if needed webmail +DNS MX records for your domain to point to your external IP.

All these tasks are mostly "out of the box" wizard driven configs (except publishing to internet) but nevertheless not an easy job if you're not familiar with the products.

Virtualisation:
---------------

You can run all of the mentioned servers on a virtual platform (VMware vSphere 4, HyperV or similar products) but make sure you have redundancy (multiple hosts so you can cope with a hardware malfunction).

Virtualisation also requires a good network backbone so you can split server-application-traffic from VM-management-traffic like vMotion (which can put a lot of stress on the network if they are not put into a separate VLAN)

Combining roles:
-------------------

Do not make the sacrifice of running Exchange on your Domain Controllers!!! Keep it separate. This will save you a lot of trouble and of course it is more flexible if you were to need a bigger environment later or add more servers (fileservers, sharepoint, whatever...)

AD and DNS are by default dependent on each other so they are automatically installed together when you choose to create your domain controllers. Don't worry about this part of your network design.

If you have a DMZ then you could consider placing the Exchange EDGE role on a separate server in your DMZ. You can then filter messages (spam etc) on the EDGE before they reach your Exchange organisation.

If you need more redundancy besides good Exchange backups then you can split the CAS/HUB and MBX role and put them on different servers (CAS/HUB is for client access and transport roles; MBX is your actual database store). In my case we even have 2 CAS/HUBs and 2 MBX servers in failover cluster so we can reboot any server without interruption and are protected if any server fails for any reason (not that we have experienced failure so far but there are multiple scenarios foreseeable).

Hope this helps a bit.

Regards,
Geert
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33531574
Ok I think I may have a solution for you that might work with minimal impact to your existing services.

Install Windows 2008 from your action pack. I take it you have Exchange 2010 on there, too?

Once it's installed create an active directory environment - choose the fully qualified domain name carefully and it is generally considered good practice to choose an internal name that ends in something like .local - e.g. contoso.local

So, for example, you could have me.you@contoso.com as an email address but log on as me.you@contoso.local

To do this, you would log on as the administrator and run DCPROMO

Once Active Directory is installed, you can install Exchange on top of it - this is not recommended!

I'm going from memory now, but you should perform a default installation and when asked, tell Exchange that it will deliver email to/receive email from the internet.

You then need to set your firewall rules to allow port 25 through to your Exchange server.

And you would need to register a MX record with your ISP that points to your external IP address of said firewall.

Really though - if you're so unsure with this I would seriously recommend a hosted solution.
0
 
LVL 2

Expert Comment

by:panman3
ID: 33531655
In spite of what colleague expert comments mention: I would never recommend Small Business Server. As Lead System Engineer for a hosting company I am perhaps somewhat pre-judged but I have seen nothing but trouble with SBS. A lot of our clients are actually turning to hosted mail because they had multiple catastrophic failures with SBS and were tired of long restore procedures.

If you are reverting to a cheaper solution and not going for full-blown server products then I would like to divert your attention to hosting. There are a lot of very good Hosted Exchange solutions available (I won't mention any as again I want to keep this as objective as possible and I am in fact in this business)

My 2 cents...

Regards,
Geert
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33531683
I second Geert's comment, even though I drew your attention to SBS I wouldn't normally recommend it due to problems with supporting it (most companies I know that do tech support simply won't touch SBS) and other general issues.

But...that said, I've heard decent reports about 2008, so it wouldn't be fair to not inform you of it as an option.

However - and I don't work for a hosting company, but have worked for Microsoft as an Exchange consultant, I think for your particular needs, an external hosting solution would be better.
0
 

Author Comment

by:EGormly
ID: 33531984
external isn't an option, I tried to request that, just not happening.
Too much money, we have the "free" license for 2008 and Exchange (and SQL for that matter) and they are willing to spend 3K on a server, but not on a hosted solution, which means I must learn how to do all this pronto!

We already host our own mail server so registering domain and MX and all that isn't an issue.

I am a bit confused about AD.
Tony1044 said:
"Once it's installed create an active directory environment - choose the fully qualified domain name carefully and it is generally considered good practice to choose an internal name that ends in something like .local - e.g. contoso.local"

I am not sure what you mean here, we already have a domain name
company.com

our mail server runs on mail.company.com and I have a lot of sub domains like members.company.com etc... we have a full block of IPs as well   000.000.000.001 - 000.000.000.254

So when setting up a fully qualified domain I would put.. what exactly?
company.local?
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33532098
Seriously I think you are setting yourself up for a lot of pain.

Your current company.com is used for email delivery - that bit wouldn't change per se, but instead of being delivered to your Ice Warp server it would be delivered to Exchange.

Active Directory is basically a directory of resources that, among other things, allows you to log on and access things like file shares and Exchange.

You would have to set up transport rules within Exchange to allow it to accept emails for your different domains.

So the steps would be something akin to:

Set up active directory as company.local

Install Exchange.

Exchange, by default, will only accept emails for @company.local so you would need to tell it to accept them for, say company.com, company2.com etc.

Really though, although it's possible to fudge your way through an AD & Exchange installation, given your fundamental lack of knowledge I still believe a hosted solution would be better for you. That or employ a contractor for a day or two to do it for you and show you the steps.

And that isn't my being rude - I just want to save you the problems that will inevitably come. You'll end up spending a lot of money getting it put right later.

0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33532149
Just noticed your comments about external hosting being too expensive - it might not actually be as expensive as you are expecting.

Try popping some figures into Google's calculator:

http://www.google.com/apps/intl/en/business/messaging_value.html
0
 
LVL 2

Expert Comment

by:panman3
ID: 33532300
The external domain company.com is used to create URLs that can point to various servers, webservices or websites. This domain is typically hosted on an external DNS server from your provider and there you create all sub-records.

The name for your domain is just a dummy name to identify your domain and (for larger companies) if needed create links to other domains f.e. from recently acquired companies. You typically choose an AD-domain-name that clearly references your organisation but is never to be used for public publishing.

F.E. mycompany.local
all users then get accounts with login name username@mycompany.local or the old version: mycompany\username
all computers will be available as server1.mycompany.local and will have their own internal DNS record.

(Although you see an @ there, this has nothing to do with their actual SMTP address which will be username@company.com)

If you want to publish a website on url www.company.com then it points to an external IP address of your firewall. The firewall will send the traffic for this site internally to server1.mycompany.local but again; both domains are not related to each other directly.

It is not recommended to use an externally registered domain because you would in fact create a split-DNS: your external DNS contains the public names, but your internal DNS overrides this for internal users:
- an internal user wants to use server1.company.com. Your internal DNS directs it to this server.
- an internal user wants to use www.company.com. Your internal DNS does not know this url but will never ask it to the external DNS because it thinks it is itself authoritative for this domain. The user will not find the site unless you also define it manually on your internal DNS.

Reversed: if you were to use your internal DNS as authoritative you would publish all your servernames on the internet so externally server1 would have an A-record and the url server1.company.com would actually point to an internal IP. This would not be resolvable but it is "too much information" that could perhaps be misused by hackers.

You need to see the AD-domain as a kind of URL system for internal use that has nothing to do with the webdomains you want to use. Perhaps later you will want to use a new additional webdomain so you can also publish the same website on server1 under a new name. The internal names never change but you have the freedom of accessing them through nice, proper website names.
You also have the freedom to keep your current website name and suddenly point it to server2 when you have developed a brand new website on a new server.

Gr,
Geert
0
 

Author Comment

by:EGormly
ID: 33532314
>>Seriously I think you are setting yourself up for a lot of pain.

I am WELL aware of that, it's par for the course here, I talk to brick walls every day.

Why can't I set it up as company.com instead of company.local? I already own the company.com domain, the DNS at sprint already points to our IPs here in the office and we have a qualified MX in mail.company.com

And if I can't I would imagine everyone has this issue, no one sends to company.local...

I know I am missing fundamentals involved with AD and Exchange but that's the price I am paying to get something more reliable than icewarp and also, why I came here for advice.
0
 

Author Comment

by:EGormly
ID: 33532342
Thanks panman3, I didn't see your reply until after I typed my question about it before.
I understand now.

I still don't see how that is any kind of problem for Exchange as Tony said, I mean, everyone must do it that way, setting up Exchange to receive/deliver to mail.company.com?
0
 
LVL 2

Expert Comment

by:panman3
ID: 33532572
Just to give you an idea of the "cheap" internal solution, but further of no relevance because it apparently is already decided where your environment will go:

In the price of your "cheaper" internal solution you have to calculate everything from
- hardware
- hardware support
- hardware upgrades and maintenance
- server room maintenance, power consumption, cooling, ...
- software maintenance (all the hours you need to put into it to keep it up and running)
- backup infrastructure (more hardware)
- backup software (licences)
- what if something happens and you need 2 days to restore the lot; productivity from your 25 users is lowered so you lose in fact a lot more workhours than just your own
- setup cost = all hours needed for: you installing the entire environment and getting all bugs out, figuring everything out by personal education or actual paid courses
- ... (I'm certainly forgetting some costs)

You also need bigger hardware than actually needed to allow for growth and to deliver at peak hours (f.e. in the morning at 9AM) => you only use average 10% CPU and peak at 90% => a lot of lost capacity that you have actually paid for.

Put this all in a worksheet and divide it by xx because after xx years you'll need new hardware, new software and the whole thing starts over. Typically 4 to 6 years, certainly no longer!

Especially the maintenance cost weighs very high.

Hosting does everything in big volumes so f.e. the maintenance costs stay the same for a much bigger environment; hardware is of a different kind (scalable, only 25% oversized instead of typically 1000%); load is spread (we run constantly at 75% day and night because we also have clients from different timezones + batch jobs run at low hours) => hardware costs are therefore much lower per user (about 1/8 of the cost you would have to make for the same result in constant performance)
High availability copes for every possible malfunction (power redundancy from multiple suppliers, network redundancy from different carriers, hardware redundancy, cooling redundancy etc) so your users will not be impacted and have bad performance

Perhaps you could impress your managers with a nice calculation ;)

But enough promo-talk for now...

Gr,
Geert
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33532735
I apologise if my comment came across as harsh or patronising - it most certainly wasn't intended that way, but re-reading it, I can understand how it would have.

I'll try to give you the steps, but this is from memory as I don't have any kit in front of me to run through it right now.

What you need to do is install Windows and then give it a static IP address. After that, you can make it a domain controller.

For the reasons Geert has explained, when you promote your computer to become a domain controller choose company.local as the fully qualified domain name. If you are asked about the NETBIOS name, just leave it at company

It is, also fairly obviously, the first domain controller in a new forest and domain.

As part of the installation, the server will become a DNS server.

Really, you should then configure your clients to use the domain controller as their DNS server and configure the DNS server to forward requests out to your ISP DNS server.

Here is (partly) where the company.local and company.com separation becomes important: Let's say one of your desktop computers needs to look up company.local - it will query your new DNS server and find it. If it needs to look up company.com it will query your DNS server and not be able to find it. Your DNS server will then forward the request out to the web and get back an answer, which it then passes on to your client.

Next you need to install Exchange, but there are a number of things you need to do first and rather than let the installation wizard fail at each step, I'd just google the preinstallation requirements for Exchange 2010.

As I mentioned above, Exchange 2010 now asks if your server is connected to the internet - in your case, it is and you can tell it your first external domain name, company.com

Assuming Exchange installs ok, you can create users in active directory users and computers.

What you effectively get is a user - me@company.internal or just company\me with two email addresses - one for @company.local and one for @company.com

Within the Exchange Management Console, you would need to configure accepted email domains for all of your external company addresses, e.g. contoso.com, tailspintoys.com etc.

You can then configure email address policies that assign these mail addresses to your users.

So...let's say there's a user Joe Smith. His login is company\jsmith and his email addresses are joe.smith@company.local, joe.smith@company.com, and joe.smith@tailspintoys.com

You need to decide which email address is his "standard" or "reply to address"

You can only have one reply to address per username.

Multiple domains can share a single MX record too.

If you require exact setup steps, I'm more than happy to assist you as you go along because I appreciate the above is a bit vague, and I can only apologise again that this is because I have no test kit to hand to go through them one step at a time.
0
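The resolution behaviour described in the two replies above (split-DNS when the AD domain reuses company.com, forwarding when it is company.local, and internal hosts showing up in the public zone), modelled as an added example that is not part of the original thread. `DnsServer` and the helper functions are hypothetical and only simulate the lookup logic; all names and addresses are constructed sample data.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly so documentation addresses (203.0.113.0/24)
# used below as stand-in "public" IPs are not counted as internal.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class DnsServer:
    """Toy model of a DNS server: authoritative zones plus an optional forwarder."""

    def __init__(self, zones, forwarder=None):
        # zones: {zone name: {fqdn: IPv4 address}}
        self.zones = {z.lower(): {n.lower(): ip for n, ip in recs.items()}
                      for z, recs in zones.items()}
        self.forwarder = forwarder

    def _zone_for(self, name):
        # Longest zone suffix this server is authoritative for, or None.
        hits = [z for z in self.zones if name == z or name.endswith("." + z)]
        return max(hits, key=len) if hits else None

    def resolve(self, name):
        """Return (address or None, how the answer was produced)."""
        name = name.lower().rstrip(".")
        zone = self._zone_for(name)
        if zone is not None:
            # Authoritative: a missing record is a final answer, never forwarded.
            ip = self.zones[zone].get(name)
            return (ip, "authoritative") if ip else (None, "nxdomain-authoritative")
        if self.forwarder is not None:
            ip, _ = self.forwarder.resolve(name)
            return (ip, "forwarded") if ip else (None, "nxdomain")
        return (None, "nxdomain")


def unresolvable_internally(internal, public, zone):
    """Public records in `zone` that internal clients cannot resolve.

    These are the names that would have to be mirrored by hand on the
    internal DNS server in a split-DNS setup.
    """
    return sorted(n for n in public.zones.get(zone, {})
                  if internal.resolve(n)[0] is None)


def leaked_internal_records(server, zone):
    """Names in a published zone whose A record is an RFC 1918 address."""
    def internal(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in RFC1918)
    return sorted(n for n, ip in server.zones.get(zone, {}).items() if internal(ip))


# --- constructed sample data -------------------------------------------------
PUBLIC = DnsServer({"company.com": {"www.company.com": "203.0.113.10",
                                    "mail.company.com": "203.0.113.25"}})
# AD domain named company.com: internal server believes it owns the zone.
SPLIT = DnsServer({"company.com": {"server1.company.com": "10.0.0.11"}},
                  forwarder=PUBLIC)
# AD domain named company.local: anything else goes to the forwarder.
SEPARATE = DnsServer({"company.local": {"server1.company.local": "10.0.0.11"}},
                     forwarder=PUBLIC)
# The reversed case: internal host records published in the external zone.
LEAKY_PUBLIC = DnsServer({"company.com": {"www.company.com": "203.0.113.10",
                                          "server1.company.com": "10.0.0.11"}})

if __name__ == "__main__":
    for label, srv in (("split", SPLIT), ("separate", SEPARATE)):
        print(label, "www.company.com ->", srv.resolve("www.company.com"))
        print(label, "must mirror:",
              unresolvable_internally(srv, PUBLIC, "company.com"))
    print("leaked:", leaked_internal_records(LEAKY_PUBLIC, "company.com"))
```

Run against a real zone export, the `leaked_internal_records` check is the one to repeat periodically: it lists internal hosts whose private addresses are visible to anyone querying the public zone.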
 
LVL 25

Accepted Solution

by:
Tony1044 earned 500 total points
ID: 33532856
Actually I've found some step by step instructions for the installation:

   1.  Install the 2007 Office System Converter: Microsoft Filter Pack: http://go.microsoft.com/fwlink/?linkid=137042
   2. Add the appropriate Windows components/features
         1. Open PowerShell via the icon on the task bar or Start >> All Programs >> Accessories >> Windows PowerShell >> Windows PowerShell. Be sure that PowerShell opened with an account that has rights to install Windows components/features.
         2. Run the following command: Import-Module ServerManager
         3. For a typical install with the Client Access, Hub Transport, and Mailbox roles run the following command:

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

For a full list of required Windows components with regards to the Exchange server roles see:

http://technet.microsoft.com/en-us/library/bb691354.aspx#WS08R2

   3. As your Exchange server will have the Client Access Server role set the Net.Tcp Port Sharing Service to start automatically
         1. Open PowerShell via the icon on the task bar or Start >> All Programs >> Accessories >> Windows PowerShell >> Windows PowerShell. Be sure that PowerShell opened with an account that has rights to modify service startup settings. (i.e. right-click on it and choose to Run As Administrator)
         2. Run the following command: Set-Service NetTcpPortSharing -StartupType Automatic

   1. Logon to the desktop of your soon to be Exchange server with a Domain Admin account.
   2. Run setup from the Exchange 2010 media.
   3. Click on "Step 3: Choose Exchange language option" and choose the option to Install only languages from the DVD.
   4. Click on "Step 4: Install Microsoft Exchange."
   5. Click Next at the Introduction page.
   6. Accept the license terms and click Next.
   7. Make a selection on the Error Reporting page and click Next.
   8. Stick with the default "Typical Exchange Server Installation" and click Next.
   9. Choose a name for your Exchange Organization and click Next.
  10. Make a selection on the Client Settings page and click Next.
  11. If you want your Exchange server to be available externally then choose a domain name such as mail.myorganization.com, click Next.
  12. Make a selection on the Customer Experience Improvement Program page and click Next.
  13. If all the prerequisites are there then you can click Install.
  14. Grab a cup of coffee or take a walk while the installation process does its thing.
  15. When the installation has finished go back to the Exchange installation page click on "Step 5: Get critical updates for Microsoft Exchange."
  16. Install Microsoft Update (if necessary) so that Windows update will check for non-OS updates, and verify that there are no Exchange updates.

I'll see if I can dig something out for you for Active Directory
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33532876
Found this on Technet which you might find a useful guide:

http://technet.microsoft.com/en-us/library/cc755059%28WS.10%29.aspx
0
 

Author Comment

by:EGormly
ID: 33533375
Tony, I didn't find any of your replies harsh nor patronizing in the least.. no worries!

Both of you have been great, I am sold on hosting solutions but I know who I work for, my "time" is not a consideration. It won't happen.

Tony, thanks for the wealth of info.
I am going to leave this question open for a day while I digest some of that.  It looks like what I thought.
I was worried about AD screwing up my internal network.
I think I might have to go virtual so I can have a backup AD in case things go screwy and also a virtual Exchange dedicated server.  I have a secondary mail2.company.com so I think I will do all my testing this way before migrating.  The hardware shouldn't be an issue as I am going to build a decent monster capable of virtualizing the 3 servers.

Then once the setup is complete I will use the current mail server as a virtual host I can use in the whole scheme.

Thanks for the info, I will score and close the question shortly.
I am just leaving it open for a while in case anyone forgot a tidbit or someone wants to add two cents to the pot...
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33533504
Glad to help.

In terms of virtualisation, I've used VMware's free hypervisor on many occasions and it is a very good solution.

Server-wise, I'd recommend something with at least a pair of CPU's and plenty of RAM (as much as you can talk them into, but as a bare minimum, think 16-32GB).

Also get the fastest disks you can and if you can convince them for external storage as I said before I've managed to get two Thecus N7700 with (of all things) SATA disks in running the disks of 16 virtual machines - and one of these was a file server with the user profiles for around 250 users and it never once slowed down.

I can seriously recommend the HP ProLiant DL380 G7 - its embedded RAID controller, the HP Smart Array P410i supports RAID 1 + 0 and although this loses you 50% of the disk capacity, it is incredibly quick, especially at random reads/writes which other RAID levels can struggle with (don't be tempted to go RAID 5 as a rule as this can be incredibly slow writing when it calculates the striping).

More info on HP's RAID controllers is here:

http://h18000.www1.hp.com/products/servers/proliantstorage/arraycontrollers/index.html

I would also seriously recommend the 512MB Battery Backed Write Cache (BBWC) module as this will also increase performance.

I would also suggest that you do a proof of concept - register a new external domain name and then build a test AD environment with Exchange for the external domain to get to grips with it. Create a couple of users and add in a couple of desktops (you can even make them virtual if you want) and you will quickly come to see that it's not such a big thing as perhaps it seems at first.

I'm always happy to help in any way that I can.

Again - happy to help with any guidance you require.
0
 

Author Comment

by:EGormly
ID: 33535043
>>"I would also suggest that you do a proof of concept - register a new external domain name and then build a test AD environment with Exchange for the external domain to get to grips with it."

Could I just use the secondary we have now?  mail2.company.com or should it be completely different?
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33535330
If it doesn't already have any mail service I don't see why not. If it does, it might be less complex to use a new one.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33539309
Actually having thought about this - even if it does, that's possibly better as it's more of a real world proof of concept for you.

And of course, happy to continue to assist if/where necessary.
0
