Exchange 2007 Install and Configuration from the command line

(Part 1)
• Exchange 2007 Install and Configuration from the command line (Part 2)
• Exchange 2007 Install and Configuration from the command line (Part 3)
Brief
This two part series will run you through the setup of Exchange 2007 on a clean Windows 2008 server. Exchange
2003 already exists in the environment. The difference from previous articles is that the setup will be done entirely
(well mostly) from the command line. Given that there are so many other articles that describe the installation of
Exchange 2007 I am not going to detail every single step, but rather am going to focus on the command line steps
required.
Once the basic install is done I will show how to get the server into a working state so that it can serve a simple one
server organization.
Where relevant I will expand the methods used to discuss how these methods could be used in a larger setup. I will
also touch on how this can be used as a method for both documentation and DR. To conclude I will give some info
about the areas I consider as part of configuring an Exchange 2007 system.
Introduction
With the advent of PowerShell, Exchange 2007 is the first version of Exchange which is really easy to work with
from the command line. However, before we get to working with Exchange we must install it. This is easy to do
from the command line, however before that there are some preparatory steps that must be undertaken.
Before we start, I should explain a little about my lab environment. It consists of a root domain called Gaots.co.uk
and a child domain called Child.gaots.co.uk. Each domain has a single domain controller. The only service in the
root domain is the Enterprise Root CA. In the Child domain, Exchange 2003 is running on a Windows Server 2003
machine. Figure 1 below details the environment.

Figure 1: The lab environment

Preparation
The steps below are not necessarily exhaustive but are things I would commonly carry out before deploying
Exchange 2007.
• Verify the domain is in a minimum of Windows 2000 Native Mode
• Verify that the Exchange 2003 organization is in Native Mode
• Build the host operating system to standard build specifications and join to the domain
• Install the Exchange 2007 prerequisites as per the below links:
○ Exchange 2007 System Requirements
○ How to Install Exchange 2007 SP1 Prerequisites on Windows Server 2008 or Windows Vista
Essentially there are two elements to the preparation for Exchange 2007; the Active Directory preparation and the
software prerequisites on the Exchange server. I will prepare AD on the domain controller in the Root domain as
discussed later.
To prepare for the installation of Exchange 2007 on the Windows Server 2008 machine, first install PowerShell
using the command below:
ServerManagerCmd -i PowerShell
Next, the following IIS components must be installed:
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression
Finally if you plan to support Outlook Anywhere users on the server you will need to install the RPC over HTTP
proxy components using the command below:
ServerManagerCmd -i RPC-over-HTTP-proxy
All these steps should be run from the standard Windows command line, and I usually put them all together into a
batch file which obviously prevents you having to type each one in one by one!
• Patch the server with Microsoft Update.
• Create OUs for Exchange server objects in AD (these OUs could be used for Group Policies specifically
related to the Exchange servers).
• Move server machine accounts in to correct OUs.
• Create Exchange Full Administrator Account (this is the account which will install Exchange).
• To prepare AD you will need Domain, Enterprise and Schema Administrator rights, and where Exchange
2003 exists, make the account and Exchange 2003 Full Administrator. To install Exchange in the child
domain you will need to be an Exchange Organization Administrator or an Enterprise Administrator.
• Copy the install files to each server - c:\software\Exchange2007.
• Create updates dir on each server - c:\software\Exchange2007Patches.
• Copy the latest Rollup Update to the updates directory created above.
• If not already in existence create an Internal Certificate Authority usually of the Enterprise Root variety.
This will be used to provide certificates for securing internal access to Exchange.
• Where Exchange 2003 exists Implement Link State suppression to prevent routing loops as described
in How to Suppress Link State Updates.
• As is often the case when making a large change to an environment now is a good time to clean up. In this
case I would take a look at the accepted email domains and recipient policies and make sure you do not
have anything unrequired.
 • Make a final verification of server builds including: Network config, Patching, IE version, Prerequisites.
• Run the Exchange Best Practise Analyzer (ExBPA) Readiness Assessment and address any issues raised.

Installation
Having completed all the prerequisite steps described above, we are ready to move on to actually deploy the
Exchange 2007 server. The first step is to prepare Active Directory (AD) for Exchange 2007. In my lab I will
perform this on the root DC by running the commands below from the Windows command prompt:
Setup.com /PrepareAD
Setup.com /PrepareAllDomains
Having performed the Active Directory preparation and ensured that AD has replicated fully, the install of Exchange
can be performed.
Note:
The script entries from here on in can be run individually in a PowerShell window or sequentially by saving them in
a text file with a .PS1 extension.
Before running the script below you will need to enable the ability to run scripts on the server. So long as you create
the scripts on the server where you will run them, the following setting is suggested as it maintains the security of
PowerShell. Run the command to set the execution policy to RemoteSigned.
Set-ExecutionPolicy RemoteSigned
Finally to begin the install of Exchange run the script below:
#First Create the install directory
New-Item -Type directory -Path "C:\Program Files\Microsoft\Exchange Server"
#Run Setup
C:\software\exchange2007\Setup.com
/mode:install /roles:"ClientAccess,HubTransport,Mailbox"
/TargetDir:"C:\Program Files\Microsoft\Exchange Server"
/SourceDir:C:\Software\Exchange2007 /EnableErrorReporting
/LegacyRoutingServer:Exch2003.child.gaots.co.uk
/UpdatesDir:C:\Software\Exchange2007Patches
So let's dissect the command above. We are running the Exchange command line setup program (Setup.com) from
the software directory where we copied the install files.
Note:
The first Exchange 2007 server to be installed will use a slightly different script to any which follow as you must
specify the Legacy Routing Server which allows setup to create the first Routing Group Connector to link the
Exchange 2003 and 2007 routing groups.
For a definitive guide to all the parameters available with setup.com see White Paper: Description of the Parameters
Used With the Exchange 2007 Setup.com Tool.
Having installed Exchange 2007, you should run another Microsoft Update scan to ensure that the server is fully
patched before rebooting.
After the reboot it is worth checking out the event and setup logs to ensure that setup completed successfully. The
first thing to check is to run the Get-ExchangeServer command from the Exchange Management Shell. This will
return a list of Exchange servers with the roles that are installed. Check that all the roles you intended to install are
listed and then move on.
Next check the setup logs. The main log file tracks the progress of each task that is performed during the Exchange
2007 installation and configuration. The file contains information about the status of the prerequisite and system-
readiness checks that are performed before installation starts, the application installation progress, and the
configuration changes that are made to the system. It is located at the path below:
<system drive>\ExchangeSetupLogs\ExchangeSetup.log
Alongside the above log, is the ExchangeSetup.msilog file which contains information about the extraction of the
Exchange 2007 code from the installer file.
<system drive>\ExchangeSetupLogs\ExchangeSetup.msilog
To parse these logs for errors, you can of course open them in notepad and scroll through. However, as this article is
about using the command line, let's use that! Microsoft ship a script with Exchange to use for this which is located in
the scripts folder in the Exchange install directory. Open the Exchange Management Shell, change directory to the
scripts folder, and run the following command:
Get-SetupLog c:\exchangesetuplogs\exchangesetup.log - error -tree
This will generate a list of only the errors and warnings logged during setup and present the results in an indented
tree format.
For a more information about checking the setup logs see Exchange 2007 setup logs and how to use them to
troubleshoot setup.
Finally the last step is to run the Exchange Best Practice Analyzer to give you an overall view of the health of the
Exchange organisation.
For this part we are done. The install is complete and verified and we can now move onto the configuration of the
server which is described in Part 2 of this article.

Summary
In this article we have covered the prerequisite steps to install Exchange and begun the process by preparing AD
from the command line. We have then installed Exchange 2007 with the Hub, CAS and Mailbox roles and verified
that the install completed successfully. In Part 2 we will cover the commands needed to configure Exchange 2007 to
get things to the point of actually serving users!

Exchange 2007 Install and Configuration from the command line

(Part 2)

Introduction
In Part 1 of this series, I described the prerequisites required to install Exchange and then described the installation
of Exchange and its verification. Now in Part 2, I will move on to describe some of the general configuration steps
required to get the system operational.

Client Access and Hub Transport Configuration

Having completed the installation of Exchange 2007 in Part 1 the next step is to configure the server for use. All
scripts are now run from the Exchange aware PowerShell version called the Exchange Management Shell or EMS.

License Key
The first step is to enter the license key details for each server. This is done using the script below which allows you
to specify which Exchange server to apply the license key to by using the -Identity parameter.
#Enter the License Key
Set-ExchangeServer -Identity Exch2007 -ProductKey 12345-12345-12345-12345-
12345
#Restart the Information Store Service
Restart-Service msexchangeis

Client Access and Hub Transport Server Role Preparation

Update DatabaseMaxCache setting in Transport service DB
Recently there was a recommendation made on the Exchange Team blog about changing the DatabaseMaxCache
value of the Message Queue Database on Hub Transport servers. This involves editing text file C:\Program
Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe.config, and modifying the following line in the
<appSettings> section:
<add key="DatabaseMaxCacheSize" value="134217728" />
To read:
<add key="DatabaseMaxCacheSize" value=" 536870912" />
This can be done using the script below:
(Get-Content "C:\Program Files\Microsoft\Exchange
Server\Bin\EdgeTransport.exe.config") | Foreach-Object {$_ -replace
"134217728", "536870912"} | Set-Content "C:\Program Files\Microsoft\Exchange
Server\Bin\EdgeTransport.exe.config"
Restart-Service MSExchangeTransport
The script essentially loads the file into an array and then loops through until it finds the relevant content to replace.
It then writes the changed content back to the file. No doubt there are more elegant ways to do this, but for now, this
is the best I have come up with!

Global Client Access and Hub Transport Server

Configuration
Routing Configuration for larger networks
As I have made clear, I am working in a one server environment however, it is worth mentioning here a crucial step
for multi-site networks; routing setup. As part of the default installation a routing group connector is created
between the Exchange 2003 routing group which hold the server specified during setup and the Exchange 2007
routing group. In larger organisations I would use a script as below to setup the other relevant connectors:
#Get the existing routing group connector created by setup and delete it
Get-RoutingGroupConnector | where {($_.sourceroutinggroup -eq "Exchange
Routing Group (DWBGZMFD01QNBJR)") -or ($_.targetroutinggroup -eq "Exchange
Routing Group (DWBGZMFD01QNBJR)")} | Remove-RoutingGroupConnector -Confirm:
$false
#Create new routing group connectors
New-RoutingGroupConnector -Name "New York 2003-2007" -SourceTransportServers
"NYC-Exch2007.gaots.co.uk” -TargetTransportServers "NYC-Exch2003.gaots.co.uk"
-Bidirectional:$true -Cost 10
New-RoutingGroupConnector -Name "London 2003-2007" -SourceTransportServers
"LDN-Exch2007.gaots.co.uk" -TargetTransportServers "LDN-Exch2003.gaots.co.uk"
-Bidirectional:$true -Cost 10
The script first deletes the default connector and then replaces it with connectors named as per your naming
convention which are bidirectional and have a cost of 10.

Set Message Tracking log retention amount

Back in our single server environment, there are a few global setting still to configure. First I set the maximum
amount of message tracking logs to be kept to 10GB.
#Set amount of retained logs for Mailbox Servers
Get-MailboxServer | Set-MailboxServer -MessageTrackingLogMaxDirectorySize 10GB
#Set amount of retained logs for Transport Servers
Get-TransportServer | Set-TransportServer -MessageTrackingLogMaxDirectorySize
10GB

Set the maximum message size to 1GB

Next I configure the maximum message size which the Exchange organisation will accept. The script below sets the
size to 50MB at the Global, Send and Receive Connector level.
#Set global message size restrictions
Set-TransportConfig -MaxSendSize 50MB -MaxReceiveSize 50MB
#Get all the receive connectors and set the maximum message size to 50MB
Get-ReceiveConnector | Set-ReceiveConnector -MaxMessageSize 50MB
#Get all the send connectors and set the maximum message size to 50MB
Get-SendConnector | Set-SendConnector -MaxMessageSize 50MB
For more information about message size restrictions see Marc’s article Exchange 2007 Message Size Limits.

Enable OOF to the Internet from both Exchange 2003 and Exchange 2007
Finally, I ensure that Exchange 2007 will allow both Outlook 2003 and Outlook 2007 clients to send Out of Office
messages to the Internet using the script below:
#Get all the Remote Domain types (equal to the Internet Message formats from
#Exchange 2003 and set the AllowedOOFType to ExternalLegacy which allows
#both Outlook 2003 and 2007 clients to send OOF out
Get-RemoteDomain | Set-RemoteDomain -AllowedOOFType ExternalLegacy

Client Access Server Configuration

Having performed the global configuration tasks above, next I perform the steps below to set up specific settings on
the Client Access server.

Generate, Install and Enable Certificate

As you will likely know, Exchange makes use of certificates to secure various means of access including Outlook
Web Access. By default it uses a self signed certificate however, this almost always requires replacing with one
generated either from an internal private certificate authority (CA) or from a public CA like VeriSign otherwise
users end up being prompted that the certificate is not trusted. To do this I use the following commands:
#Create a request for a certificate
New-ExchangeCertificate -GenerateRequest:$True -SubjectName "c=US,
o=Gaots,cn=email.gaots.co.uk" -DomainName email.gaots.co.uk,
autodiscover.gaots.co.uk, exch2007, child.gaots.co.uk,
exch2007.child.gaots.co.uk -FriendlyName ExchOWACert -PrivateKeyExportable:
$True -Path C:\ExchOWACert.req
The above script generates a certificate request file which you would then be passed to either an internal CA or a 3rd
party public one.
Once the CA returns the certificate the following scripts should be used to install and enable the certificate.
#Import the certificate and enable for services
Import-ExchangeCertificate -path c:\ExchOWACert.cer | Enable-
ExchangeCertificate -Services "IIS,SMTP,POP,IMAP"
The above script first imports the certificate and then pipes the Thumbprint to the Enable command so that the
certificate is enabled for relevant services. You should note that it may prompt you for a confirmation before
enabling.

Configuring Client Access Virtual directories and Autodiscover

Having completed the installation of the certificate, the next step is to configure the virtual directories which provide
access to Exchange. This is done using the script below:
# Configure Virtual Directories for the "Default Web Site"
Set-WebServicesVirtualDirectory -Identity Exch2007\"EWS (Default Web Site)"
-InternalUrl https://exch2007.child.gaots.co.uk/ews/exchange.asmx -ExternalUrl
https://email.gaots.co.uk/ews/exchange.asmx
Set-OabVirtualDirectory -Identity Exch2007\"OAB (Default Web Site)"
-InternalUrl https://exch2007.child.gaots.co.uk/OAB -ExternalUrl
https://email.gaots.co.uk/OAB -RequireSSL:$True
Set-UMVirtualDirectory -Identity Exch2007\"UnifiedMessaging (Default Web
Site)" -InternalUrl
https://exch2007.child.gaots.co.uk/unifiedmessaging/service.asmx -ExternalUrl
https://email.gaots.co.uk/unifiedmessaging/service.asmx
Set-OWAVirtualDirectory -Identity Exch2007\"OWA (Default Web Site)"
-InternalURL https://exch2007.child.gaots.co.uk/owa -ExternalUrl
https://email.gaots.co.uk/owa -LogonFormat username -DefaultDomain
child.gaots.co.uk
# Set URL for AutoDiscover
Set-ClientAccessServer -Identity Exch2007 -AutodiscoverServiceInternalURI
https://exch2007.child.gaots.co.uk/autodiscover/autodiscover.xml
-AutodiscoverSiteScope:$null
Set-AutoDiscoverVirtualDirectory -identity Exch2007\"Autodiscover (Default
Web Site)" -InternalUrl
https://exch2007.child.gaots.co.uk/autodiscover/autodisover.xml -ExternalUrl
https://email.gaots.co.uk/autodiscover/autodisover.xml
# Reset IIS
IISRESET -NoForce
Having carried out the above steps your system is now ready to act as a Client Access server to provide access to
Exchange.
For more information about understanding the wider issues surrounding certificates and Exchange see the
article Securing an Exchange 2007 Client Access Server using a 3rd Party SAN Certificate.

Export the SSL Certificate to a second Client Access server

Before we move on to other areas, I thought it worth mentioning something which is only relevant if you have a pair
(or more) Client Access servers which you will be using in a NLB configuration. In that case you will need the
certificates on each server to match! First you must export the certificate from the first Client Access server which
can be done using the script below:
#Export and copy to second server
Get-ExchangeCertificate | where {$_.services -eq "IMAP, POP, IIS, SMTP"} |
export-exchangecertificate -path \\SecondServer\c$\OWAcas-cert.pfx
-binaryencoded:$true -password:(Get-Credential).password
When you execute the command, it will prompt you to enter a password to secure the private key, and will then
export the cert to the root of the C: on the second server.
On the Second Server you must then import the cert which can be done using the script below which will also
prompt for the password entered above:
#Import and enable the certificate
Import-ExchangeCertificate -path c:\DCcas-cert.pfx -Password:(Get-
Credential).password | Enable-ExchangeCertificate -Services
"IIS,SMTP,POP,IMAP"
At this point you would configure the virtual directories as on the first server.

Outlook Anywhere
As I mentioned above we have setup the client access server, however one access method that most will be using is
not yet available. That is Outlook Anywhere, formerly known as RPC over HTTP. Before enabling Outlook
Anywhere, you must ensure that the RPC Proxy component is installed on the Client Access server. Also it is
recommended to disable Kernel Mode Authentication when running the Client Access role on a Windows Server
2008 machine as otherwise if you use Outlook Anywhere with the NTLM authentication options users may be
prompted repeatedly for login information. The script below disables Kernel Mode Authentication and then enabled
Outlook Anywhere with Basic Authentication enabled and SSL Offloading disabled:
#Disable Kernel Mode Authentication for IIS7
C:\Windows\SysWOW64\inetsrv\AppCmd.exe set config
/section:system.webServer/security/authentication/windowsAuthentication
/useKernelMode:false
#Enable Outlook Anywhere with Basic Auth and SSL Offloading disabled
Enable-OutlookAnywhere -Server:Exch2007.child.gaots.co.uk
-ExternalHostname:email.gaots.co.uk -DefaultAuthenticationMethod:Basic
-SSLOffloading:$false

Setup Relay connectors

The final configuration step I will take is to setup a client connector to allow relay from an internal application.
NOTE:
Although in this environment we only have a single server, if you have a farm of Hub servers which are load
balanced, the relay setup should be performed on all Hub Transport servers.
#An example of a script to setup relaying for the Hub Transport servers
New-ReceiveConnector -Name “Internal SMTP Relay” -Usage Custom -Bindings
192.168.22.67:25, 192.168.22.67:587 -Fqdn exch2007.child.gaots.co.uk
-RemoteIPRanges 192.168.22.60 -Server Exch2007 –AuthMechanism TLS,
ExternalAuthoritative –PermissionGroups ExchangeServers –MaxMessageSize 1GB
The script above allows the hub transport server to listen for relay on IP 192.168.22.67 on both port 25 and port 587.
Port 587 is configured in addition to port 25, as it is the default port for client to server SMTP traffic as opposed to
server to server traffic which runs over port 25. The script then allows communications from only the server
192.168.22.60 and sets the maximum message size to 1GB.

Summary
At this point, we have completed the basic steps needed to configure the client access server. I have tried not only to
demonstrate the bare minimum, but also added configuration steps for some of the more common requirements
which I have come across in the field. In the third and final part of this series, I will configure the mailbox server
role and summarise some of the thought processes I use when approaching an Exchange server build.

Exchange 2007 Install and Configuration from the command line

(Part 3)

Introduction
In Part 1 of this series, I described the prerequisites required to install Exchange and then described the installation
of Exchange and its verification. In Part 2, I moved on to describe some of the general configuration steps required
to get the system operational, in particular focusing on the Client Access and Hub Transport roles. In this final part, I
will complete the configuration of the single server Exchange organization by focusing on the Mailbox role.
Mailbox Configuration - Mailbox Server Preparation
Disable Scalable Network Pack
There have been various issues with the Scalable Network Pack (SNP) updates that have been released in the last
year or so. The way I understand it, the SNP aims to offload processing to suitable Network Cards to improve
performance. It would appear that these updates have caused Exchange to see connectivity problems. In order to
ensure that the Scalability Networking Pack is disabled open a command prompt on all mailbox servers and run the
following command:
Netsh int ip set chimney DISABLED
I should point out that this issue only affects Windows Server 2003 machines running Exchange because Windows
Server 2008 machines have these enhancements disabled by default.
For much more info about the problems see the links below:
Windows 2003 Scalable Networking pack and its possible effects on Exchange
Windows 2003 Scalable Networking pack and its possible effects on Exchange (Part 2)
Global Mailbox Server Setup
Having completed the preparation steps above, I would now configure any global mailbox settings. In this case, that
basically means ensuring any permission settings are correct to allow various add-on services to run properly.

Setup Blackberry Enterprise Server and Enterprise Vault Service

Permissions
Although I do not have these services in my lab environment I thought it was worth mentioning how to setup
permissions as it is such a common situation to face. The script below grants Organisation Administrator
permissions to the Enterprise Vault service account and then grants the relevant permissions to get a BES service
account working.
#Grant Org Admin to the SEV account
Add-ExchangeAdministrator EnterpriseVault -Role OrgAdmin
#Make the various BES service account View only Admins
Add-ExchangeAdministrator bessvc -Role ViewOnlyAdmin
#Grant permissions to the various BES service accounts to the Mailbox servers
Get-MailboxServer | Add-ADPermission -User bessvc -accessrights GenericRead,
GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Mailbox Server Setup

Having completed the organization wide configuration next I will move on to set up the individual mailbox servers
to serve users.

Create Storage Groups

The first step is to create storage groups. Although there are default storage groups created I would first remove
them so as to make use of a standard naming convention. In order to do this, the script below uses the Get-Database
command to get all databases on the server Exch2007 and then pipes the output to the Dismount-Database
command. The use of the Confirm:$false parameter means that we will not get prompted for each database. Having
dismounted the databases they can then be removed. Of course this server not only has mailbox databases but also a
public folder database. Before the storage groups can be removed, this public folder database also needs removing.
This is a little trickier! I have struggled for ages to find a better way to do this, but Exchange plain refuses to let you
remove the default public folder database. Therefore I use a little ADSI scripting to force it! First I set a variable to
the Public Folder Database and then I use DeleteObject to remove it.
#Delete Existing Storage Groups and Databases
Get-MailboxDatabase -Server "Exch2007" | Dismount-Database -Confirm:$false
Get-MailboxDatabase -Server "Exch2007" | Remove-MailboxDatabase -Confirm:
$false
Get-PublicFolderDatabase -Server "Exch2007" | Dismount-Database -Confirm:
$false
$PFD = [ADSI]"LDAP://CN=Public Folder Database,CN=Second Storage
Group,CN=InformationStore,CN=EXCH2007,CN=Servers,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=GaotsOrg,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=gaots,DC=co,DC=uk"
$PFD.DeleteObject(0)
Get-StorageGroup -Server "Exch2007" | Remove-StorageGroup -Confirm:$false
Having removed the default databases and storage groups, I can create new storage groups based on a naming
standard. The script below does that, creating two storage groups, one for a Public Folder database and the other for
a Mailbox database.
#Create Folders for Logs
New-Item C:\Logs -Type Directory
New-Item C:\Logs\SG-MBD-01 -Type Directory
New-Item C:\Logs\SG-PFD-01 -Type Directory
#Create new storage groups
New-StorageGroup -Name "SG-MBD-01" -LogFolderPath "C:\Logs\SG-MBD-01" -Server
"Exch2007" -SystemFolderPath "C:\Logs\SG-MBD-01"
New-StorageGroup -Name "SG-PFD-01" -LogFolderPath "C:\Logs\SG-PFD-01" -Server
"Exch2007" -SystemFolderPath "C:\Logs\SG-PFD-01"

Create Databases
Having created new storage groups, next I will create some new databases using the script below which first creates
the directories for storage and then creates the databases. You will note that I create the public folder database first
so I can set it as the default Public Folder store when creating the mailbox database.
#Create folders for Databases
New-Item C:\DBs -Type Directory
New-Item C:\DBs\MBD-01 -Type Directory
New-Item C:\DBs\PFD-01 -Type Directory
#Create new public and mailbox databases
New-PublicFolderDatabase -Name PFD-01 -StorageGroup SG-PFD-01 -EdbFilePath
C:\DBs\PFD-01\PFD-01.edb
New-MailboxDatabase -Name MBD-01 -StorageGroup SG-MBD-01 -EdbFilePath
C:\DBs\MBD-01\MBD-01.edb -OfflineAddressBook "Default Offline Address List"
-PublicFolderDatabase Exch2007\SG-PFD-01\PFD-01

Configure and Mount Databases

Having created the database the next step is to configure them and then mount them. The script below sets some
common configuration parameters such as the deleted item retention period (set to 21 days), the maintenance
schedule and quotas. You will notice that before configuring the mailbox database, you need to first create the
journal recipient.
#Configure Public Folder Database
Set-PublicFolderDatabase -Identity PFD-01 -DeletedItemRetention 21.00:00:00
-MaintenanceSchedule "0.22:00-1.00:00","1.22:00-2.00:00","2.22:00-
3.00:00","3.22:00-4.00:00","4.22:00-5.00:00","5.22:00-6.00:00","6.22:00-
0.00:00" -IssueWarningQuota unlimited -MaxItemSize unlimited
-ProhibitPostQuota unlimited -RetainDeletedItemsUntilBackup:$true
#Create journal mailbox
New-Mailbox -Name 'journal' -Alias 'journal' -OrganizationalUnit
'child.gaots.co.uk/Users' -UserPrincipalName 'journal@child.gaots.co.uk'
-SamAccountName 'journal' -FirstName 'journal' -Initials '' -LastName ''
-Password 'System.Security.SecureString' -ResetPasswordOnNextLogon $false
-Database 'EXCH2007\SG-MBD-01\MBD-01'
#Configure Mailbox Database
Set-MailboxDatabase -Identity MBD-01 -DeletedItemRetention 21.00:00:00
-JournalRecipient journal@clarinathan.co.uk -MaintenanceSchedule "0.22:00-
1.00:00","1.22:00-2.00:00","2.22:00-3.00:00","3.22:00-4.00:00","4.22:00-
5.00:00","5.22:00-6.00:00","6.22:00-0.00:00" -RetainDeletedItemsUntilBackup:
$true -ProhibitSendQuota unlimited -ProhibitSendReceiveQuota unlimited
-IssueWarningQuota unlimited -MailboxRetention 30.00:00:00
-PublicFolderDatabase Exch2007\SG-PFD-01\PFD-01 -OfflineAddressBook "Default
Offline Address List"
#Mount the Databases
Get-PublicFolderDatabase -Server Exch2007 | Mount-Database
Get-MailboxDatabase -Server Exch2007 | Mount-Database
Note:
One thing to bear in mind when setting the maintenance schedule is that if your servers are in different time zones
you must set this locally, because otherwise the way PowerShell handles the time means that you will end up with
maintenance occurring not when you want due to the time zone shift!

Configure Standby Continuous Replication

At this point, I stray again from the one server environment I am working in, as I feel it is worth mentioning how
easy it is to enable Standby Continuous Replication. The script below will do this for the storage group holding
mailbox database I created earlier.
#Enable SCR
Enable-StorageGroupCopy –Identity SG-MBD-01 –StandbyMachine Server2 –
ReplayLagTime 0.0:0:0

Public Folder Replication

Having completed the above configuration, we are now all but done, however there is one more important step to
take, that of public folder replication.

Create Public Folder Replicas

The script below adds a public folder replica for all folders to the new Exchange 2007 public folder database.
#Add a replica of all public folders to the new 2007 Public folder databases
CD “C:\Program Files\Microsoft\Exchange Server\Scripts”
.\AddReplicaToPFRecursive.ps1 -TopPublicFolder \ -ServerToAdd Exch2007
Note:
Although the script will present an error about modifying the root folder, it will still progress and replicate all the
other folders.

Create System Folder Replicas

Finally, it is important to ensure that the new server has a replica of all relevant system folders. In order to do this, I
hit upon a problem with the AddReplicaToPFRecursive script. Basically it didn’t handle the use of public folders
with spaces in the names. To fix this, you should open up the AddReplicaToPFRecursive script and then edit as
below. Essentially you must add a single quote ‘ around the $TopPublicFolder in the two lines listed. That allows
the script to recognise the entire string and not to break it at the first space.
-----
if ($server)
{
$getpfcmd = "get-publicfolder -server $Server -identity
'$TopPublicFolder' -Recurse -resultsize unlimited"
}
else
{
$getpfcmd = "get-publicfolder -identity '$TopPublicFolder'
-Recurse -resultsize unlimited"
}
-----
Having made the above change save the script and then use the commands below to add the replicas. You may
receive an error but it does appear to still add the replicas.
#Add a replica of all relevant system folders to the new 2007 Public folder
databases
CD “C:\Program Files\Microsoft\Exchange Server\Scripts”
.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_Subtree\EFORMS
REGISTRY" -ServerToAdd Exch2007
.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_Subtree\OFFLINE
ADDRESS BOOK" -ServerToAdd Exch2007
.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_Subtree\SCHEDULE+
FREE BUSY" -ServerToAdd Exch2007

Areas of Configuration to Consider

Once you have walked through the above configuration scripts you should now have an operational Exchange 2007
server. All that remains is to move a few test users across and begin testing.
Obviously I have not been able to cover every possible scenario that you might come across but I have aimed to
show how some of the most common are handled and hope that you can take the knowledge gained to investigate
further some of the other areas which I didn’t cover.
One thing which I thought might be useful is the table below. My aim was to list the areas which I consider when
configuring each of the Exchange roles. No doubt it is not entirely comprehensive but, it should give a good starting
point!

CAS Mailbox Hub Edge UM

Configure Configure OAB Create postmaster Subscribe the Edge Configure Dial
Certificates for distribution mailbox Transport Server Plan
SSL
Configure Configure New Configure Transport Configure Anti- Configure UM
Outlook Address Lists and Journaling Rules Spam/Anti-Virus IP Gateway
Anywhere
Configure Configure Start EdgeSync Configure Configure UM
ActiveSync and Managed Folder Disclaimers Mailbox Policy
ActiveSync Mailbox Policy
policies
Create Configure OOF Configure connectors Configure quarantine Configure UM
AutoDiscover & accepted domains mailbox Auto Attendant
DNS Record
Set Ext URLs Configure Configure Anti-Spam Enable Users
where required Backup Agents if not using for UM
Edge
Split logs and Consider connection
databases logging
Configure Set mail size limits
Replication
Set how the server
identifies itself when
sending mail
Allow internal servers
to send mail
Configure or Migrate
email address policies
Summary
This three part series has shown how to install and configure an Exchange 2007 server using the command line.
For any more info about the commands below I strongly suggest searching for them by name which will produce the
Exchange documentation relevant to the command giving much more detail about syntax and available parameters.
Finally, I should say that although I have listed all the steps separately, you could easily save all the command in
a .PS1 file and then sit back and wait for the server to complete configuring itself!