What is the preferred ip scheme to test the functionality of a windows 2012 R2 installation with Active Directory and exchange.

Good evening Experts ,

I am testing on my laptop that has the following specs:

What  I am testing is an install of server 2012 R2.

The installation was completed using Vmware Workstation V11.
Now I want to install:

1. Active Directory (no problem)
2. DNS (No Problem)
3. DHCP ( No problem)
4. Exchange 2013 ( will ask another question if necessary for this install)

What I need to know from you experts is what is the preferred IP scheme that I need that will closely mimic a live environment, as my final goal is to get the exchange server working to the point where I can associate AD accounts with Exchange accounts that will work going out to the INTERNET. In other words , I would like to create a user along with and exchange account and be able to send and email to my personal comcast.net email account.

Hope I have outlined what I need. Thanks in advance for your responses and potential solutions.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Carol ChisholmCommented:
Your problem will be that you are probably using a private internet connection with a public IP address assigned by DHCP.
You should have a fixed public IP address in a business range and an MX record and appropriate reverse DNS entry for the domain that you want to send mail from.
Exchange is a domain-based mail system designed for use by businesses.
SMTP mail transfer is normally only allowed from business IP addresses.

Perhaps Comcast is relaxed about this but certainly in Europe SMTP coming from "private" addresses will be blocked.
BLACK THANOSAuthor Commented:
I need to absorb what you said Carol.

I purposefully asked the question in my original post so that I would get a discussion on exactly what you posted above.

1. One . I wanted to see if I should acquire a public address from comcast.
2. Email communication wont work without an MX record, but I am unsure who to contact to set that up once I get the public address established.

My questions to you are:

1. Once I get  a public address for my  comcast modem/router , what internal IP scheme would you suggest; i.e 172.x.x.x, 192.x.x.x, 10.x.x.x. or something else.

2. Also , you wrote:

"You should have a fixed public IP address in a business range and an MX record and appropriate reverse DNS entry for the domain that you want to send mail from."

Once I obtain a fixed public address , the question still becomes how do I configure the MX record for Exchange.

I hope I have been clear enough.

I would suggest a more simpler way but its a bit of a diversion - use MS Azure and Exchange in the cloud.  You can a free 30 / 60 days trial and then set up your complete test environment in the cloud itself with no cost to you for the initial trial period as I mentioned.

On the other hand if you want to go the old way (as in your email) - Just speak to your ISP and ask them for a test Static IP for a month and ask them to DNS forwarding from that public IP to your local outer's outside IP- then simply login into your router console and do a port forwarding to your internal exchange IP and it should all work.

The ISP will also have a facility to do DNS forwarding to your registered domain's DNS.  I would suggest you use a new test domain name with mail facility - Godaddy are very good, simple and web based to set up.

If you looking to do internal outlook testing just add an MX record in your local DNS.

Hope using one of these steps helps.  Let me know if I can help any further.

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Carol ChisholmCommented:
Chetan's solution will work too,

The private IP does not matter at all. it is private and irrelevant. You should also look at IPv6, but for a test you can let that autoconfigure.
Somewhere you have to have a NAT, port forwarding or conversion from private IP to Public IP. You can do this with NAT in your firewall or with a Web Application Proxy on another server, or if this is a test environment with two network adapters in your Exchange server.

All this stuff is networking stuff, it is more complicated than the Exchange stuff, but necessary to make Exchange work, and very important to understand well in a production environment.

When you have  a public IP address you get access to a DNS editor at your ISP (Comcast)

You can configure the MX record yourself. You can go to a site like mxtoolbox.com to check your configuration.
Carol ChisholmCommented:
Here is a DNS entry for a typical test domain. This domain has 5 public IP addresses. There is a DZC record for proving to Godaddy it is my domain so I can get a certificate for the Exchange server.
There is a long and complicated TXT record for calendar federation with Microsoft. There is an autodiscover record, essential for easy access to email outside the local network. there is an MX record (there is also another backup low priority one further down the list.

I'm not sure what your objective is, but there is a lot to do to get a real email server working well.

Each ISP has a different interface for DNS, so yours may or may not look like this.
BLACK THANOSAuthor Commented:
My Goodness,
I didn't know it would be so involved. I am only doing this in a test environment for proof of concept. Is there an exchange tutorial that will take me through the steps I need to get this up and running. As much value I attribute to your responses, I need a bit more hand holding in the form of a step by step. Keep in mind , simply installing exchange is simple , but making it functional both inside my network and outside is what I am needing some guidance on. I hope you can push me in the right direction.

I have a couple of documents we had created when we helped a client test exchange 2013 before deploying it a month or so ago for them.  Its a complete working setup for testing known as POC - Proof of Concept Document and its designed to be as simple as possible.

Give me time till evening GMT and I will send it here.

Carol ChisholmCommented:
It's complicated,
The internal stuff is easy, you have nearly finished it. The IP scheme you choose as you want. Probably 192.168.168.x is easiest as it is a class C.
But you have to remember that as soon as you get into the public domain you have to keep proving you're not a spammer, or distributing viruses by email.
And that as soon as you put your server out on a public IP address the bad guys will start attacking it.
To do OWA and SMTP you have to open up the server somewhat and within a few seconds a bad guy will attack it if it is not properly protected.
So you have to do and understand networking, firewalls, public DNS, fixed IP addresses.
Wait and see what Chetan has

I am copy pasting the whole doc in here with screenshots.   I have had to hide some sensitive details as per customer agreement and policy.  Let me know if you need anything more .....


Solution Topology
For the purpose of writing this document for future reference, we installed the following environment on Windows Azure:
Figure 1: Solution topology
The following table details the server characteristics, in terms of software and hardware:
Server Name      VM Size      Role      Software
AZ-DC-2K12      Small
(1 core, 1.75GB)      Domain Controller
DNS Server      Windows Server 2012
AZ-EX-2K13      Medium
(2 cores, 3.5GB)      Mailbox role
Client Access role      Windows Server 2012
Exchange Server 2013
Table 1: List of servers
Deployment Process
Provisioning the Exchange Server 2013 test environment on Windows Azure can be accomplished with these 5 configuration steps:
1.      Configure the virtual networking settings (optional)
2.      Create a storage account
3.      Provision a virtual machine from the Windows Azure Gallery and configure it as a Domain Controller
4.      Provision the Exchange Server virtual machine using PowerShell
5.      Install Exchange Server 2013
1.    Configure Virtual Network
After signing up for the Windows Azure 90 day free trial, it’s time to start configuring the environment. Creating dedicated subnets is an optional step, but, from my point of view, it’s good practice.
We will also be configuring Affinity Groups, a way to guarantee that Windows Azure services are placed together and close to each other, within acceptable latency times.
1.      Open a browser and navigate to the Windows Azure Management Portal (http://management.windowsazure.com) and sign in using a Microsoft Account. To create an affinity group, open the NETWORKS area of the Management Portal, click AFFINITY GROUPS, and then click either ADD AN AFFINITY GROUP or CREATE (Figure 2).
2.      At the Specify Affinity Group Details screen, enter a NAME and select the REGION where you want to deploy your test environment (Figure 3).
3.      Wait for the operation to complete by checking the green bars animated icon at the lower right corner of the portal (Figure 4).
Figure 2: Windows Azure Affinity Groups
Figure 3: Create Affinity Group
Figure 4: Windows Azure operations completed
4.      Now let’s move to the sub netting part. In the lower left-hand corner of the screen, click NEW. In the navigation pane, click NETWORKS, click VIRTUAL NETWORKS, and then click CUSTOM CREATE (Figure 5).
5.      On the Virtual Network Details screen (Figure 6), enter the NAME and select an AFFINITY GROUP from the drop-down list. Click the next arrow.
Figure 5: New Virtual Network
Figure 6: Virtual Network Details
6.      On the Address Space and Subnets screen (Figure 7), start by entering the desired ADDRESS SPACE (must be a private address range,,, or, as specified by RFC 1918). Define new subnets, by entering a name, a valid subnet and clicking the add subnet button.
7.      On the DNS Servers and Local Network screen (Figure 8), on the lower right-hand of the screen, click thecheck button. If you want to use a public DNS service, you can enter that information on this screen. For more information, see Windows Azure Name Resolution Overview.
Figure 7: Address Space and Subnets
Figure 8: DNS Servers and Local Network
2.    Create the Storage Account
The next step is to create a storage account so that we can instantiate and store the necessary VHD files of our virtual machines.
We’ll use Locally Redundant Storage instead of Geo-Redundant Storage in order to get a little bit more performance:
•      Bandwidth for a Geo Redundant storage account
o      Ingress - up to 5 gigabits per second
o      Egress - up to 10 gigabits per second
•      Bandwidth for a Locally Redundant storage account
o      Ingress - up to 10 gigabits per second
o      Egress - up to 15 gigabits per second
For more information, please read:
•      Windows Azure’s Flat Network Storage and 2012 Scalability Targets
•      Data Series: Introducing Locally Redundant Storage for Windows Azure Storage
1.      On the Windows Azure Management Portal select STORAGE from the left pane (Figure 9).
2.      Click NEW and then QUICK CREATE. Enter a name in the URL box, select the affinity group previously created at the REGION/AFFINITY GROUP box and then make sure the Enable Geo-Replication box is not selected (Figure 10).
Figure 9: Windows Azure Storage
Figure 10: Creating a storage account
3.    Install and Configure the Domain Controller
Follow these simple steps to create a custom virtual machine running Windows Server 2012 using the Windows Azure Management Portal:
1.      At the Windows Azure Management Portal, on the command bar, click NEW, click VIRTUAL MACHINE, and then click FROM GALLERY (Figure 11).
2.      The VM OS Selection dialog box appears (Figure 12). We’ll select the latest Windows Server 2012 image available and then click the arrow to continue.
Figure 11: Create virtual machine from gallery
Figure 12: Virtual machine operating system selection
3.      At the VM Configuration dialog (Figure 13), type the VIRTUAL MACHINE NAME you want to use, type a (complex) PASSWORD for the Administrator account and select the SIZE of the virtual machine. For our Domain Controller, Small is just fine. Click the arrow to continue.
4.      At VM Mode dialog box (Figure 14), select STANDALONE VIRTUAL MACHINE. In DNS NAME type a name for the cloud service that is created for the virtual machine. Select the STORAGE ACCOUNT for the VHD file. InREGION/AFFINITY GROUP/VIRTUAL NETWORK, select e2k13-vnet previously created and select the DC-Subnet from the available VIRTUAL NETWORK SUBNETS. Click the arrow to continue.
5.      The VM Options dialog box (Figure 15) appears. We’ll create a new AVAILABILITY SET and define a newname for it. Click the check mark to create the virtual machine.
Figure 13: Virtual machine configuration
Figure 14: Virtual machine mode
Figure 15: Virtual machine options
6.      After Windows Azure creates the virtual machine, it is listed as Running in the Windows Azure Management Portal. Click the newly created virtual machine and notice the DNS name at the DASHBOARD (Figure 16). This will be the name used to connect by RDP to the server (Figure 17). Also notice the INTERNAL IP ADDRESS, as we’ll need to use it as the internal DNS server for the Exchange virtual machine.
7.      Connect to the machine and follow the regular steps to promote it to a Domain Controller (dcpromo). For more information, please read Install a new Active Directory forest in Windows Azure. All the virtual machines on Windows Azure must have a dynamically assigned IP by DHCP, so you’ll be presented a warning during the dcpromo process. Although the IP address on the Windows Azure Virtual Network is dynamic, its lease lasts for the duration of the VM. Setting a static IP address in the VM will cause communication failure.
Figure 16: Virtual machine dashboard
Figure 17: Remote Desktop Connection
4.    Provision the Exchange Server Virtual Machine
To provision the virtual machine for the Exchange Server we’ll use a PowerShell script since it allows us more functionality than the portal (setting the DNS server and joining a domain, for example).
In order to run the PowerShell script, you must have Windows Azure PowerShell which can be installed from the Downloads for Managing Services in Windows Azure page. For detailed instruction, please read Windows Azure PowerShell.
To write the script we’ll need to know the name of the latest Windows Server 2012 image. That name can be obtained by running the PowerShell command:
Get-AzureVMImage | Select ImageName
Figure 18: Get-AzureVMImage | Select ImageName
The URL of the blob storage is also needed, and it can be obtained by clicking the storage account created (e2k13), and then clicking CONTAINERS (Figure 19).
Figure 19: Storage URL
This script will execute the following actions:
•      Connect to our subscription
•      Create a Medium virtual machine with Windows Server 2012 and connect it to the E2K13-Subnet
•      Add 2 data disks to the virtual machine, one with 50GB for the DB, other with 10GB for the logs
•      Open the necessary external endpoints: SMTP (25), HTTP (80) and HTTPS (443)
•      Define the IP address of the domain controller ( as the primary DNS
•      Join the machine to the CONTOSO domain
# Create Exchange Server
# Your imported subscription name
$subscriptionName = "MSExchange.org"
$storageAccount = "e2k13"
Import-AzurePublishSettingsFile 'C:\Temp\e2k13-demo\MSExchange.org-credentials.publishsettings'
Select-AzureSubscription -SubscriptionName $subscriptionName
Set-AzureSubscription -SubscriptionName $subscriptionName  -CurrentStorageAccount $storageAccount
# Cloud Service Paramaters
$e2k13ServiceName = "az-e2k13"
$e2k13ServiceLabel = "az-e2k13"
$e2k13ServiceDesc = "Cloud Service for Exchange Server 2013"
# Gallery Images
$e2k13image= ‘a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-Datacenter-201212.01-en.us-30GB.vhd’
#Network Settings
$vnetname = 'e2k13-vnet'
$e2k13SubnetName = 'E2K13-Subnet'
$ag = 'e2k13-ag'
$primaryDNS = ''
# Availability Sets
$avsete2k13 = 'e2k13-as'
# Domain Settings
$domain = 'contoso'
$joindom = 'contoso.com'
$domuser = 'administrator'
$dompwd = 'P@ssw0rd2012'
$advmou = 'OU=AzureVMs,DC=contoso,DC=com'
# MediaLocation
$mediaLocation = "http://e2k13.blob.core.windows.net/vhds/E2K13/"
# Create Exchange Server
$size = "Medium"
$vmStorageLocation = $mediaLocation + "AZ-EX-2K13.vhd"
$e2k13 = New-AzureVMConfig -Name 'AZ-EX-2K13' -AvailabilitySetName $avsete2k13 `
            -ImageName $e2k13image -InstanceSize $size -MediaLocation $vmStorageLocation |
        Add-AzureProvisioningConfig -WindowsDomain -Password $dompwd `
            -Domain $domain -DomainUserName $domuser -DomainPassword $dompwd `
            -MachineObjectOU $advmou -JoinDomain $joindom |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel 'ExDB' -LUN 0 |
        Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'ExLogs' -LUN 1 |
        Add-AzureEndpoint -Name 'smtp' -LocalPort 25 -PublicPort 25 -Protocol tcp |
        Add-AzureEndpoint -Name 'http' -LocalPort 80 -PublicPort 80 -Protocol tcp |
        Add-AzureEndpoint -Name 'https' -LocalPort 443 -PublicPort 443 -Protocol tcp |
        Set-AzureSubnet $e2k13SubnetName
$dns1 = New-AzureDns -Name 'E2K13-DNS' -IPAddress $primaryDNS
New-AzureVM -ServiceName $e2k13ServiceName -ServiceLabel $e2k13ServiceLabel `
            -ServiceDescription $e2k13ServiceDesc `
            -AffinityGroup $ag -VNetName $vnetname -DnsSettings $dns1 `
            -VMs $e2k13
With the necessary management tools installed, we’ll use Windows PowerShell ISE to run the script:
1.      Paste the script into Windows PowerShell ISE and hit Run (F5). Wait for the virtual machine to be provisioned.
2.      After the completion of the provisioning process, at the Windows Azure Management Portal, click the newly created machine and select ENDPOINTS. Notice the endpoints were created (Figure 20) and take special attention to the remote desktop external port since most probably it won’t be 3389 (standard RDP port).
3.      Establish a remote desktop connection to the server and run Disk Management (Figure 21) in order to create volumes on the 2 data disks created during the provisioning process. After formatting the data disks, you can browse them in Windows Explorer. Please notice the Temporary Storage disk D: (Figure 22). This disk should not be used to store permanent data as it will be lost in case of a virtual machine refresh. Disk D: is used only for caching purposes and temporary data.
Figure 20: AZ-EX-2K13 Endpoints
Figure 21: Disk Management
Figure 22: Hard Disk Drives
5.    Install Exchange Server 2013
Since there are no significant differences installing Exchange on Windows Azure when compared to installing it on any other virtualization environment, this article won’t cover the setup process in detail.
After downloading the Exchange 2013 ISO file and mounting it on the Windows Server 2012 machine, I just had to run Setup (Figure 23). All the Readiness Checks were completed and the only warning was that the AD Forest was going to be prepared for Exchange Server 2013 (Figure 24), as expected.
The complete setup process, for a typical Exchange Server 2013 installation (CAS and Mailbox), took only a few minutes and went very smoothly (Figure 25).
All the services came up without any glitch (Figure 26). We even have Outlook Web App available, since we opened the necessary endpoints, by accessing the URL to access your OWA. ( I had to remove this before sending it on this public domain.
Figure 23: Launching Exchange Server 2013 Setup
Figure 24: Exchange Server 2013 Setup: Readiness Checks
Figure 25: Exchange Server 2013 Setup Completed
Figure 26: Microsoft Exchange services

Will a DAG Work?
The short answer is NO! Although I tried to set up a second Exchange server and configure a DAG, there are some technical requirements that are not supported by Windows Azure at this time. The main issue has to do with the additional IP address necessary for the Windows Failover Clustering components. Windows Azure virtual machines only support 1 virtual network card and the IP address must be assigned by DHCP… I knew that, but I had to try.
Figure 28: Failed attempt to configure a DAG

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Carol ChisholmCommented:
Nice post - Black Thanos now you see both solutions are complex. Do take time to think about why you need to do this and what your objective are.
BLACK THANOSAuthor Commented:
Thank you Carol and Chetan.

The both of you have given me the means and tools to perform a proof of concept (POC) for myself. All knowledge is valuable to me , thank you very much.   My only objective here is to master the complex part of establishing an exchange server for public use, as I may be called upon to do this in a real environment.

Regis AKA Black Thanos
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.