Exchange Server 2010 SP1 Beta Hosting Deployment... Part #2 - Creating New Organization
In my previous blog, Exchange Server 2010 SP1 Beta Hosting Deployment... Part #1 - The First Look, I blogged about some differences in the configuration container as well as in the domain naming context when you deploy Exchange Server 2010 SP1 beta with the /hosting switch. We saw that it created additional OUs. We also saw that it introduced some new cmdlets into the picture and at the same time disabled EMC and a few other things, as I put in my earlier blog post highlighting what is not available, What's not available in Exchange 2010 SP1 Hosting Mode. I saw some questions posted in the forum asking why EMC can't be used, and I think that may warrant a separate blog post.
For now, let's look at how we can create a new Tenant Organization in this Exchange Server 2010 SP1 Beta Hosting Deployment and the things being created in the whole process. Before that, let's look at our good old HMC and understand what is involved in creating an Organization. As you know, the Organization creation process includes quite a few things, including OUs, groups, etc. In HMC, in order to create an Exchange-enabled organization, we need to do the following, if you remember,
1. Use Hosted Active Directory to create a new organization.
2. Then subscribe the new organization to an Exchange Organization Plan.
3. Add the SMTP domain to the Organization.
4. Add User Plan/Service Plan to the organization.
5. Create an organization administrator.
6. Mailbox-enable the user using the appropriate user plan.
Now that's all good. The actual HMC Hosted AD organization creation process does not create an administrator, but some control panels will also create the administrator as part of the process, and they may or may not mail-enable the administrator; hence I added steps 5-6 to the above.
Now, let's look at how we do it in Exchange Server 2010 SP1 beta. To create a new Organization, run the following in the Exchange Management Shell,
New-Organization -Name ProvTest -DomainName provtest.com -Location en-US -ProgramID HostingSample -OfferID 2 -AdministratorPassword (get-credential).password
The above cmdlet will first prompt you for a user name and password. Just enter any user name (because it won't be used) and then a password. It will create an admin user called 'Administrator'. After you enter the credential, the cmdlet will proceed to create a virtual organization called ProvTest with the SMTP domain of provtest.com. Location is understood. Now, that's all easy to understand so far, right?
The only 2 things that look sort of strange are the ProgramID and OfferID. When you install Exchange 2010 SP1 beta with the /hosting switch, you will notice that it also installs an additional folder in the Client Access server role (by the way, you should use the /hosting switch on every single server role in that Exchange environment to avoid any confusion). Under the folder C:\Program Files\Microsoft\Exchange Server\V14\clientAccess\ServicePlans, you will find 1 CSV file and .servicePlan files. Essentially, these are really your organization plan and mailbox plan. If you open up a .servicePlan file, you will find XML stating the features that this Organization and its mailboxes will be adopting. Most of them are quite self-explanatory. I won't go into it unless you guys think that I should (just drop me a note).
Now, the CSV file is the key here. It looks something like this,
So, as explained in the comment, the column header is ProgramID, OfferID, ServerPlanName. So, if I set ProgramID to HostingSample and OfferID to 2, I am selecting HostingAllFeatures.servicePlan as the plan that I will be using for this organization. Pretty straightforward, yeah?
There's one thing though: the fact that all these are stored as files on the Client Access server means that this New-Organization cmdlet should only be run on a Client Access Server, and if you have multiple CAS, you should make sure that the files in these folders are identical. I personally think this could have been stored in a different place like Active Directory instead of having the need to manually maintain those files on all the CAS. Obviously there might be some specific design reason that it is not done that way and I am not going to spend too much time talking about it; it is, after all, beta code. :)
Now that we understand the cmdlet and have executed it, let's see what things are created by this cmdlet. From the ADUC, you see this,
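One way to check that the ServicePlans files really are identical on every CAS, as an added example that is not part of the original post or of Exchange itself. The server names and the use of the C$ administrative share are assumptions; the folder path is the one quoted above.

```powershell
# Added example (not from the original post): detect ServicePlans drift between CAS servers.
# ASSUMPTIONS: server names are hypothetical; the folder is read over the C$ admin share;
# Exchange sits in the install path quoted in the post.
$CasServers = 'CAS01', 'CAS02', 'CAS03'   # hypothetical names, replace with your own
$RelPath    = 'Program Files\Microsoft\Exchange Server\V14\clientAccess\ServicePlans'

function Get-Sha256Hex([string]$Path) {
    # Plain .NET hashing, so this also runs on PowerShell 2.0 (no Get-FileHash there)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { return [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

# One record per (server, file) holding the file name and its content hash
$inventory = foreach ($server in $CasServers) {
    $dir = "\\$server\C`$\$RelPath"
    if (-not (Test-Path -LiteralPath $dir)) {
        Write-Warning "$server : ServicePlans folder not reachable at $dir"
        continue
    }
    Get-ChildItem -LiteralPath $dir | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        New-Object PSObject -Property @{
            Server = $server
            File   = $_.Name
            Hash   = Get-Sha256Hex $_.FullName
        }
    }
}
if (-not $inventory) { throw 'No ServicePlans files could be read from any listed server.' }

# A file is consistent only if every server has it and all copies share one hash
$drift = $inventory | Group-Object File | ForEach-Object {
    $g       = $_
    $hashes  = @($g.Group | Select-Object -ExpandProperty Hash | Sort-Object -Unique)
    $present = @($g.Group | Select-Object -ExpandProperty Server)
    $missing = @($CasServers | Where-Object { $present -notcontains $_ })
    if ($hashes.Count -gt 1 -or $missing.Count -gt 0) {
        New-Object PSObject -Property @{
            File      = $g.Name
            Versions  = $hashes.Count
            MissingOn = ($missing -join ', ')
        }
    }
}

if ($drift) { $drift | Format-Table File, Versions, MissingOn -AutoSize }
else        { 'ServicePlans content is identical on all listed Client Access servers.' }
```

Any row in the output means the same ProgramID/OfferID pair could provision tenants with different features depending on which CAS runs New-Organization.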
You have to say, that's pretty cool. Let me briefly list down what is being created,
- It created an OU in Microsoft Exchange Hosted Organizations
- Under the OU, it created the Administrator User
- It created some security groups like Organization Management, Recipient Management.
- It automatically put the Administrator into the appropriate groups.
- It automatically mailbox-enabled the Administrator.
- It also created some special groups for the purpose of password policy and also a group that has all the mailbox users.
- It also created some system objects.
Oh, oh, before I forget, you should be happy to know that whatever actions are executed within this cmdlet seem to work like one big transaction. Meaning, if it created part of the stuff and then somehow failed, then nothing is created; it performs a rollback. Give it a try: run the cmdlet, observe the stuff being created and then, halfway through, hit Ctrl-Break. You will see the newly created OU disappear right in front of your eyes. Pretty neat, eh?
Now, that's not all. It also created its own organization's configuration container. If you open up ADSIEdit, you will find the following,
Each Organization has its very own configuration unit. It means it has its own separate Recipient Policies, Mailbox Policies, its own Accepted Domains, etc.; you can see it from there. I am not going to go into detail on this.
What can I say? I think that's the whole purpose of designing Exchange for Hosters from the ground up. A complete segregation for all organizations hosted. I do think it is very well done.
Of course, this is still beta and there is still some code or some cmdlets that are missing some switches, etc. I like what I am seeing so far. I will be going into some of the components a little bit more next, such as how we handle OOF (which in HMC we sort of deal with using a transport agent) and how we create a new mailbox, and possibly look at some of the possible ways to move from HMC to here, etc. Stay tuned. I am out for now.