WinDeveloper IMF Tune

WinDeveloper IMF Tune
WinDeveloper IMF Tune

Exchange 2010 Hosting Part 1 - The Hard Way

Paul Roman [MVP for Exchange, MCSE, MCSA, MCST, MCITP]

Paul Roman [MVP for Exchange, MCSE, MCSA, MCST, MCITP] Photo

Paul is a Microsoft Certified System Engineer since 1999. His experience covers a large number of Microsoft Exchange implementations starting from small infrastructures and going to large hosting infrastructures for thousands of users. Starting with April 1st, 2010, Paul is MVP for Exchange.

Cast your Vote
Poor Excellent

Hosting multiple Organizations on a single Exchange Infrastructure can give significant hardware consolidation advantages. Exchange 2010 has greatly simplified the setup of such an environment, giving us two implementation options, the hard and the easy way. Today we go down the hard way...

3. New User or Group setup

  1. In order to create a new user for the domain.com tenant, you have to create the user in the correct OU and mailbox database (if you followed the step 2.10). The new user can be created from the Management Shell or the Management Console. The best approach is to use Shell because you can automate the process.

    First of all you have to create a new password:
    $password = Read-Host "Enter Password" -AsSecureString

    And enter the new password. The password must fulfill the domain password complexity requirements.

    To create a new user:
    New-mailbox -UserPrincipalName name.surname@domain.com -database "domain.com MB" -Name "Name Surname" -OrganizationalUnit "ou=domain.com,ou=tenants, dc=addomain,dc=local" -password $password -FirstName Name -LastName Surname -DisplayName "Name Surname" -ResetPasswordOnNextLogon $false -alias name.surname

  2. If you didn't follow the optional step 2.10, you have to assign the Offline Address Book for each user (This step is optional related with step 2.10). To do that, run the cmdlet:
    Get-User -Filter { userPrincipalName -like "*@domain.com " } | Set-Mailbox -OfflineAddressBook "domain.com OAB"

    This cmdlet must be run always after you create a new user.

  3. Add the new user to the company security group (2.3)
    Add-DistributionGroupMember -Identity "domain.com Users" -Member name.surname@domain.com

  4. To create a new distribution group you should run the same cmdlet as in step 2.3

  5. Update all the address lists and the email policy to reflect the new changes.

    After a new object is created you should run the following cmdlets to be sure that all the address books contain it.

    update-EmailAddressPolicy -Identity "domain.com"

    update-GlobalAddressList -Identity " domain.com GAL"

    update-AddressList -Identity "domain.com AL"

    update-OfflineAddressBook -Identity " domain.com OAB"

THE EASY WAY

In the second part of this article we will be back with a procedure regarding hosting environment setup using Exchange 2010 SP1 /hosting switch. Since there is no graphical Management Console, all configurations will be based only on cmdlets.

Reference

White Paper: Configuring Virtual Organizations and Address List Segregation in Exchange 2007

User Comments - Page 1 of 1

Yasu 28 Jun 2012 03:22
This is great! It is working fine within OWA and GAL only shown same tenant users, but when I set outlook for a user, everyone can see everyone at GAL. Is there anyway you can solve this problem? Thanks.
Matthew H. 14 Dec 2011 12:17
Paul: Will there be an Exchange 2010 SP2 "Hosting the Hard Way" guide? Thanks!
Beni 28 Oct 2011 17:37
I cannot get Outlook to work. When I setup Outlook for a new user, I get "The name cannot be resolved - the old ones is ok. The name cannot be matched to a name in the address list." Adding Permissions to the Default GAL solves the problem, but everyone sees everyone. Pls help!
Liam Millar 30 Aug 2011 05:33
I've followed these instrustions and now users are unable to logon, outlook crashes when an account tries to check name?

PLease Help
Paul Roman 24 Aug 2011 03:22
You have UPN and you have User Logon Name (Pre-Windows 2000). The second one needs to be unique within the domain and you can put it whatever you like as long as you will use the UPN for logon purposes.
Levin 20 Aug 2011 04:40
i have an issue, when both the domains need same user for eg. a@abc.com and a@xyz.com. active directory doesn't allow me to create same named user. how to resolve this issue.
Julien 18 Jul 2011 01:35
Hi!thanks for your documentation it's very helpful for me ! I got a question in the third step when you want to remove the permissions from "everyody,ANONYMOUS_LOGON" etc do you speak aout the specials autorisations ? or the classics permissions ?

Thanks again,
Julien
Not Supported 28 Jun 2011 02:04
The above method is not supported by MS and will break Exchange 2010. Only way to do Multi-tenant is via /hosting
Paul Roman 3 Apr 2011 05:51
I am working on "The easy way" . It should be published soon.
Kay 1 Apr 2011 06:25
So what is the easy way? Thanks.
ExAdmin 20 Mar 2011 03:27
Here's an extra tip for you guys.
G/AL Update will update the GAL and AL without having to open the EMS.
www.galupdate.co.uk
Paul Roman 9 Mar 2011 00:17
Hi Mattheus,

Did you delete the Default Global Address List?

Paul
Mattheus 8 Mar 2011 07:00
Very nice and useful guide! I followed this and it works perfectly in OWA, only the company GAL and AL is viewed.

However, I cannot get Outlook to work. When I setup Outlook for a new user, I get "The name cannot be resolved. The name cannot be matched to a name in the address list." Is it permission-related? Any ideas?
Copyright © 2005 - 2024 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation