
Hosted Exchange Deployment Guide

Overview

This article provides a guide to installing the Hosted Exchange service into the Atria Platform.

Prerequisites

Ensure your environment meets all of the requirements below before deploying the service.

Server Requirements

When configuring the server that will run the Exchange web service, perform the following tasks:

  • Install all recommended operating system patches.
  • Enable Remote Desktop Services.
  • Disable User Account Control (UAC).
  • Install the .NET Framework 4.0.
  • Install Microsoft Exchange Management Tools.
  • Enable the following IIS 6 and 7+ roles:
    • Web Server > Application Development > ASP.NET
    • Management Tools > IIS Management Console
    • Management Tools > IIS Management Scripts and Tools
    • Management Tools > IIS 6 Management Compatibility > IIS 6 Metabase Compatibility

Account Requirements

Ensure the account that is being used for the installation has:

  • Domain Admin rights.
  • Exchange Administrative rights.

This is required for the successful installation of the Exchange web service.

Configuration Requirements

How you configure Exchange to work with Atria typically depends on whether you are:

  • Deploying a single version of Exchange.
  • Creating a mixed environment where multiple supported versions of Exchange are included.

For single-version deployments of Exchange 2007 SP3, the Atria Configuration Tool performs the following tasks:

Enable the List Object Permission

In ADSIedit, the dsHeuristics property, located in the CN=Services > CN=Windows NT > CN=Directory Service container, is set to 001.

Disable the Default Email-Address Policy

In ADSIedit, the following properties, located in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Recipient Policies > CN=Default Policy container are modified:

  • msExchLastAppliedRecipientFilter: Alias -eq 'NoSuchEmail'
  • msExchQueryFilter: Alias -eq 'NoSuchEmail'

Replace the current entry for msExchPurportedSearch with:

purportedSearch : (&(objectclass=PublicFolder)(!(extensionAttribute15=*)))

Lock down the Default Global Address List

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization node > CN=Address Lists Container > CN=All Global Address Lists > CN=Default Global Address Lists container properties, the following modifications are performed:

  • Inheritable permissions are not allowed to propagate.
  • The Authenticated Users group has the Read permission of msExchAvailabilityAddressSpace set to Deny. All other permissions are removed.
  • The Everyone group is removed.

Lock down Address List

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists Container > All Address Lists > All Users container properties, the following modifications are performed:

  • Inheritable permissions are not allowed to propagate.
  • The Everyone and Authenticated Users groups are removed.
  • The Proxy USERS group has the Read permission set to Deny.

These modifications are also performed for All Groups, All Contacts, All Rooms, and Public Folders containers.

Lock down the All Address List Container

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists > CN=All Address Lists container properties, the Proxy USERS group is added with the following settings:

  • Apply to: This object only
  • List contents: Deny
  • List Object: Allow

Delete the Default Offline Address List

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization > CN=Address Lists > CN=Offline Address List container, the CN=Default Offline Address List container is deleted.

Set Permission on the Exchange Organization

In ADSIedit, in the CN=Services > CN=Microsoft Exchange > CN=ExchangeOrganization container, the Proxy USERS group is added with the following settings:

  • Read: Allow
  • Apply to: This object only
  • List contents: Allow
  • List object: Allow
  • Read all properties: Allow
  • Read permissions: Allow

For single-version deployments of Exchange 2010 SP3 or Exchange 2013, the Configuration Tool disables the Default Email-Address policy only.
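
The following read-only check is an added example, not part of the Atria Configuration Tool: it reads back three of the Exchange 2007 SP3 settings described above (dsHeuristics, the Default Policy filter, and the Default Global Address List ACL) so you can confirm the lockdown was applied. The `$OrgName` parameter is an assumption standing in for CN=ExchangeOrganization; run it from a domain-joined machine with read access to the configuration partition.

```powershell
# Added example: read-only audit of the Exchange 2007 SP3 lockdown settings.
# $OrgName is an assumption: pass the CN of your Exchange organization.
param([Parameter(Mandatory)][string]$OrgName)

$cfg     = ([adsi]"LDAP://RootDSE").configurationNamingContext
$orgDn   = "CN=$OrgName,CN=Microsoft Exchange,CN=Services,$cfg"
$sidType = [System.Security.Principal.SecurityIdentifier]
$results = @()

# 1. List Object mode is on when the third character of dsHeuristics is 1.
$ds = [adsi]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$cfg"
$h  = [string]$ds.Properties['dSHeuristics'].Value
$results += [pscustomobject]@{
    Check = 'dsHeuristics enables List Object mode'
    Pass  = ($h.Length -ge 3 -and $h.Substring(2, 1) -eq '1')
    Found = $h
}

# 2. The default email-address policy uses a filter that matches no recipient.
$policy = [adsi]"LDAP://CN=Default Policy,CN=Recipient Policies,$orgDn"
$filter = [string]$policy.Properties['msExchQueryFilter'].Value
$results += [pscustomobject]@{
    Check = 'Default Policy filter matches nothing'
    Pass  = ($filter -eq "Alias -eq 'NoSuchEmail'")
    Found = $filter
}

# 3. Default GAL: inheritance blocked and no explicit ACE left for Everyone (S-1-1-0).
$gals = [adsi]"LDAP://CN=All Global Address Lists,CN=Address Lists Container,$orgDn"
foreach ($gal in $gals.psbase.Children) {
    if ($gal.psbase.Name -notlike 'CN=Default Global Address List*') { continue }
    $acl  = $gal.psbase.ObjectSecurity
    $sids = @($acl.GetAccessRules($true, $false, $sidType) |
              ForEach-Object { $_.IdentityReference.Value })
    $results += [pscustomobject]@{
        Check = "$($gal.psbase.Name): inheritance blocked"
        Pass  = $acl.AreAccessRulesProtected
        Found = $acl.AreAccessRulesProtected
    }
    $results += [pscustomobject]@{
        Check = "$($gal.psbase.Name): Everyone removed"
        Pass  = ($sids -notcontains 'S-1-1-0')
        Found = ($sids | Sort-Object -Unique) -join ', '
    }
}

$results | Format-Table -AutoSize -Wrap
```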

For mixed Exchange deployments that include Exchange 2013 or Exchange 2010 SP3 servers in the same environment as Exchange 2007 SP3 servers, the globalAddressList2 attribute must be populated with entries from the globalAddressList attribute. The globalAddressList2 attribute was introduced in Windows Server 2008 R2. In an environment that includes Exchange 2013 or 2010 SP3, an address list must be populated into the attribute to ensure correct operation. Exchange 2013 and 2010 SP3 manage the globalAddressList2 attribute automatically, but Exchange 2007 SP3 does not. To populate this attribute, perform the following actions:

  1. Copy the globalAddressList attribute into the globalAddressList2 attribute.
  2. To populate globalAddressList2 with all entries from globalAddressList, run the following PowerShell script:
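
    # Run in the Exchange Management Shell (Get-GlobalAddressList is an Exchange cmdlet).
    $configroot = ([adsi]"LDAP://rootdse").ConfigurationNamingContext
    $MSEXOU = [adsi]"LDAP://CN=Microsoft Exchange,CN=Services,$configroot"

    # Collect the distinguished name of every global address list.
    $gal = @()
    foreach ($dn in Get-GlobalAddressList) { $gal += [string]$dn.DistinguishedName }

    # 2 = ADS_PROPERTY_UPDATE: replace the attribute's values with this list.
    # The array is passed directly, so no DN text is evaluated as code.
    $MSEXOU.PutEx(2, 'globalAddressList2', $gal)
    $MSEXOU.SetInfo()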

Process

Web Service and Schema Installation

  1. Log in to your provisioning server.

  2. Start an administrative PowerShell session.

  3. Run the following command to add the service schemas:

    Import-AtriaServiceSchema -Service Exchange
  4. Log in to the server hosting your Exchange.

  5. Start an administrative PowerShell session.

  6. Run the following command to install the required components:

    Install-AtriaExchange
  7. When prompted, enter 2019 as the Exchange version.

Configure the Service

The following steps are for you to complete within the Atria platform. To configure the Hosted Exchange service:

  1. Enable the service at the top level:

    • From the Atria menu bar, navigate to Configuration > System Manager > Service Deployment, then expand Hosted Exchange.
    • Here you can create customer and user plans which define configuration options for the Hosted Exchange service. You can use the default ones that already exist, or to learn about creating your own plans, see here.
    • When done, click Save.
  2. Enable the service at the location level:

    • Under Service Filter, select Active Directory Location Services and choose the Location you wish to deploy the service to.
    • Expand Hosted Exchange, and tick any User and Customer Plans you want to enable. The defaults are already enabled.
    • When done, click Save.
  3. Using an administrative PowerShell session, query the Exchange Web Service credentials from IIS:

    C:\Windows\system32\inetsrv\appcmd.exe list apppool /name:"$=Atria ExchangeWS AppPool" /text:* | findstr "name: userName: password: password"
  4. In the Atria portal, select Credentials on the left, or from within the System Manager, and add a new record with the credentials generated in the PowerShell deployment and the domain.

  5. Enable the server:

    • From the context menu, select Servers.
    • If the server where the Exchange web service is installed is not listed, click Refresh Server List.
    • Expand the entry for the server and verify that Server Enabled is selected.
  6. Assign server roles:

    • From the context menu, select Server Roles, then expand the entry for your provisioning server.
    • Under Server Connection Components, tick Hosted Exchange and then click Save.
  7. Add a server connection:

    • From the context menu, select Server Connections, select a Location Filter if applicable, click New Connection, and specify the following information for the Hosted Exchange service:

      • Server Role: Hosted Exchange.
      • Server: Choose the server where the Exchange Web Service is installed.
      • Credentials: Choose the credentials for the Exchange web service.
      • URL Base: Defaults to /ExchangeWS/HostedExchange.asmx.
      • Protocol: Choose http.
      • Port: Defaults to 8095 (Ensure it matches IIS bindings for the Exchange Web Service).
      • Timeout: Defaults to 200000 milliseconds.
      • Version: Select 2019

    • Click Save.
    • Click the icon in the Test column for the Exchange server. The icon turns green for a successful connection. A red icon indicates an unsuccessful connection; mouse over it for error details.

Configure Personal Archives

Personal archives, available from Exchange 2010 onwards, allow users to store older messages in a server-side mailbox rather than in a .pst file. Users can access personal archives via Outlook or Outlook Web App.

To enable support for personal archives:

  1. From the Atria menu bar, click Configuration > System Manager > Service Deployment.
  2. Under Service Filter, select Active Directory Location Services and choose a Location Filter, if applicable.
  3. Expand Hosted Exchange, then click User Plans.
  4. Select an existing User Plan to enable support for personal archives.
  5. Expand the Mail Archiving Exchange 2010 / 2013 category and select the Enabled checkbox.
  6. In Mailbox Database, select the database that Atria will use for personal archives.
  7. Click Apply Changes, then Save.

Configure PST File Import and Export

Configuring PST file import and export allows Atria to manage Exchange personal store mailboxes via a network share or FTP server.

Storing PST files:

  • Create a network shared folder named WebHosting on a file server.
  • Configure FTP access for customers needing PST exports/imports.

FTP Server Configuration:

  1. Active Directory Setup:

    • Create a new user servername_pst in the CortexSystem OU.
    • Grant Read permissions for Customers OU.
    • Add servername_pst to the CortexAdmins group.
  2. FTP Server Setup:

    • On the FTP server, create a folder (C:\CortexFTP).
    • Share it as WebHosting and grant Full Control to Everyone.
    • Adjust Security Permissions:
      • Disable inheritance and copy existing permissions.
      • Grant List Folder Contents to ServiceAdmins HE.
      • Grant Full Control to Exchange Trusted Subsystem.
  3. IIS FTP Site Configuration:

    • In IIS Management Console, navigate to Sites, right-click, and select Add FTP Site.
    • Set up:
      • Site Name: "Atria PST FTP Site"
      • Physical Path: C:\CortexFTP
      • Authentication: Basic
      • Authorization: domain\ServiceAdmins HE (Read and Write permissions)
    • Configure FTP User Isolation and specify credentials.
    • Restart FTP Site and Microsoft FTP Service.
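
Because the share itself grants Full Control to Everyone, the NTFS permissions on the folder are the only access boundary, and "copy existing permissions" carries over whatever the parent folder granted. The following read-only audit is an added example, not part of the Atria tooling: it lists the share and NTFS entries side by side and marks NTFS Allow entries held by broad groups. The share name and path are the ones used in this guide; the `Broad` column and the list of well-known SIDs are choices made for this example.

```powershell
# Added example: read-only audit of the PST share created in the steps above.
$shareName = 'WebHosting'      # share name used in this guide
$path      = 'C:\CortexFTP'    # folder used in this guide

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$broad   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]
$rows    = @()

# Share-level entries (expected: Everyone, Full Control).
foreach ($s in Get-SmbShareAccess -Name $shareName) {
    $rows += [pscustomobject]@{
        Layer     = 'Share'
        Principal = $s.AccountName
        Type      = $s.AccessControlType
        Rights    = $s.AccessRight
        Inherited = $null
        Broad     = $null
    }
}

# NTFS entries, explicit and inherited, resolved by SID so localized names do not matter.
$acl = Get-Acl -LiteralPath $path
foreach ($r in $acl.GetAccessRules($true, $true, $sidType)) {
    $sid = $r.IdentityReference
    try   { $name = $sid.Translate($ntType).Value }
    catch { $name = $sid.Value }   # unresolvable SID: show it raw
    $rows += [pscustomobject]@{
        Layer     = 'NTFS'
        Principal = $name
        Type      = $r.AccessControlType
        Rights    = $r.FileSystemRights
        Inherited = $r.IsInherited
        Broad     = ($r.AccessControlType -eq 'Allow' -and $broad -contains $sid.Value)
    }
}

# The guide disables inheritance on this folder, so this should print True.
"Inheritance disabled on ${path}: $($acl.AreAccessRulesProtected)"
$rows | Format-Table -AutoSize -Wrap
```

Rows with `Broad = True` are Allow entries for broad groups that were copied from the parent folder; review them against the ServiceAdmins HE and Exchange Trusted Subsystem grants that the guide intends.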

For details, refer to:

Configure Unified Messaging

  1. Navigate to Configuration > System Manager > Service Deployment, expand Hosted Exchange, then click Service Settings.
  2. Expand Unified Messaging and complete the settings.
  3. Use Exchange Management Console to find the Mailbox Policy under Organizational Configuration > Unified Messaging > UM Mailbox Policies.
  4. Under Category Filter, select User, then expand Unified Messaging.
  5. In Extensions, specify the starting point for auto-generated extensions.
  6. Click Apply Changes, then go to User Plans.
  7. Expand the user settings, enable Unified Messaging, and configure required settings.

Summary

In this guide, you learned how to deploy the Hosted Exchange service for Atria. The next step is to provision the service to your customers and users. This guide is next. If you have any questions or require any assistance, please contact us at support@getatria.com.