Exchange Server 2010 SP1 Beta Hosting Deployment... Part #2 - Creating New Organization

In my previous post, Exchange Server 2010 SP1 Beta Hosting Deployment... Part #1 - The First Look, I covered some differences in the configuration container and in the domain naming context when you deploy Exchange Server 2010 SP1 beta with the /hosting switch. We saw that it created additional OUs. We also saw that it introduced some new cmdlets and, at the same time, disabled EMC and a few other things, which I listed in my earlier post, What's not available in Exchange 2010 SP1 Hosting Mode. I have seen questions in the forum asking why EMC can't be used, and I think that may warrant a separate blog post.

For now, let's look at how to create a new tenant organization in this Exchange Server 2010 SP1 beta hosting deployment and what gets created in the process. Before that, let's look at our good old HMC and recall what is involved in creating an organization. As you know, the organization creation process includes quite a few things, including the OU, groups and so on. In HMC, to create an Exchange-enabled organization, we need to do the following, if you remember:

  1. Use Hosted Active Directory to create a new organization.
  2. Subscribe the new organization to an Exchange Organization Plan.
  3. Add the SMTP domain to the organization.
  4. Add a User Plan/Service Plan to the organization.
  5. Create an organization administrator.
  6. Mailbox-enable the user using the appropriate user plan.

That's all good. The actual HMC Hosted AD organization creation process does not create an administrator, but some control panels also create the administrator as part of the process, and may or may not mail-enable the administrator, hence I added steps 5-6 above.

Now, let's look at how we do it in Exchange Server 2010 SP1 beta. To create a new organization, run the following in the Exchange Management Shell:

New-Organization -Name ProvTest -DomainName provtest.com -Location en-US -ProgramID HostingSample -OfferID 2 -AdministratorPassword (get-credential).password

The above cmdlet will first prompt you for a user name and password. Just enter any user name (because it won't be used) and then a password. It will create an admin user called 'Administrator'. After you enter the credential, the cmdlet will proceed to create a virtual organization called ProvTest with the SMTP domain of provtest.com. Location is understood. Now, that's all easy to understand so far, right?

The only two things that look sort of strange are ProgramID and OfferID. When you install Exchange 2010 SP1 beta with the /hosting switch, you will notice that it also installs an additional folder in the Client Access server role (by the way, you should use the /hosting switch on every single server role in that Exchange environment to avoid any confusion). Under the folder C:\Program Files\Microsoft\Exchange Server\V14\clientAccess\ServicePlans, you will find 1 CSV file and a .servicePlan file. Essentially, this is your organization plan and mailbox plan. If you open the .servicePlan file, you will find XML stating the features that the organization and its mailboxes will adopt. Most of them are quite self-explanatory. I won't go into it unless you think I should (just drop me a note).

Now, the CSV file is the key here. It looks something like this,

So, as explained in the comment, the column headers are ProgramID, OfferID, ServerPlanName. If I set ProgramID to HostingSample and OfferID to 2, I am selecting HostingAllFeatures.servicePlan as the plan for this organization. Pretty straightforward, yeah?

One thing, though: the fact that all of these are files stored on the Client Access server means that the New-Organization cmdlet should only be run on a Client Access server, and if you have multiple CAS, you should make sure that the files in these folders are identical on all of them. I personally think this could have been stored somewhere else, like Active Directory, instead of having to manually maintain those files on all the CAS. Obviously there might be a specific design reason that it is not done that way, and I am not going to spend too much time on it; it is, after all, beta code. :)
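The requirement that the ServicePlans files be identical on every CAS can be checked with a short script before New-Organization is run. This is an added example, not code from the original post or from Exchange; the server names and access through the C$ administrative share are assumptions.

```powershell
# Added example: detect drift in the ServicePlans folder across Client Access servers.
# Assumptions: server names are placeholders; the folder is reachable via the C$ share.
$casServers = @('CAS01', 'CAS02', 'CAS03')   # hypothetical server names
$relPath    = 'c$\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ServicePlans'

function Get-Sha256Hex([string]$Path) {
    # Calls .NET directly so it also works on PowerShell 2.0, which lacks Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close(); $sha.Clear() }
}

# One record per (server, file) with the file's hash.
$records = @(foreach ($server in $casServers) {
    $folder = '\\{0}\{1}' -f $server, $relPath
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "${server}: ServicePlans folder not found at $folder"
        continue
    }
    Get-ChildItem -LiteralPath $folder | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        New-Object PSObject -Property @{
            Server = $server; File = $_.Name; Hash = (Get-Sha256Hex $_.FullName)
        }
    }
})

if ($records.Count -eq 0) { Write-Warning 'No ServicePlans files could be read.'; return }

# A file is consistent only if every server has it and all copies share one hash.
$drift = @($records | Group-Object File | Where-Object {
    $hashes = @($_.Group | Group-Object Hash)
    ($hashes.Count -ne 1) -or ($_.Count -ne $casServers.Count)
})

if ($drift.Count -gt 0) {
    $drift | ForEach-Object { $_.Group } | Sort-Object File, Server |
        Format-Table Server, File, Hash -AutoSize
    Write-Warning 'ServicePlans content differs between servers; reconcile before running New-Organization.'
} else {
    Write-Host 'ServicePlans files are identical on all listed Client Access servers.'
}
```

A file that is missing on one server is reported as drift too, since a plan lookup would then succeed or fail depending on which CAS runs the cmdlet.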

Now that we understand the cmdlet and have executed it, let's see what it created. In ADUC, you see this,

You have to say, that's pretty cool. Let me briefly list what is created:

  • It created an OU in Microsoft Exchange Hosted Organizations.
  • Under the OU, it created the Administrator user.
  • It created some security groups, like Organization Management and Recipient Management.
  • It automatically put the Administrator into the appropriate groups.
  • It automatically mailbox-enabled the Administrator.
  • It also created some special groups for the purpose of password policy, and a group that has all the mailbox users.
  • It also created some system objects.

Oh, before I forget, you should be happy to know that the actions executed within this cmdlet seem to work like one big transaction. Meaning, if it created part of the objects and then somehow failed, nothing is left behind; it performs a rollback. Give it a try: run the cmdlet, observe the objects being created and then, halfway through, hit Ctrl-Break. You will see the newly created OU disappear right in front of your eyes. Pretty neat, eh?

Now, that's not all. It also created its own organization's configuration container. If you open up ADSIEdit, you will find the following,

Each organization has its very own configuration unit. That means it has its own separate Recipient Policies, Mailbox Policies, Accepted Domains and so on, as you can see from there. I am not going to go into detail on this.

What can I say? I think that's the whole purpose of designing Exchange for hosters from the ground up: a complete segregation of all hosted organizations. I do think it is very well done.

Of course, this is still beta, and there is still some code and some cmdlets that are missing switches and so on. I like what I am seeing so far. Next, I will be going into some of the components a little more, such as how we handle OOF (which in HMC we sort of deal with using a transport agent) and how we create a new mailbox, and possibly look at some of the ways we can move from HMC to here. Stay tuned. I am out for now.

Previous Article

Exchange Server 2010 SP1 Beta Hosting Deployment... Part #1 - The First Look
https://blogs.technet.com/b/provtest/archive/2010/06/25/exchange-server-2010-sp1-beta-hosting-deployment-the-first-look-part-1.aspx

Comments

  • Anonymous
    January 01, 2003
    Yes, the cmdlet is Remove-Organization. You have to remove all the mailboxes and etc. first though.

  • Anonymous
    January 01, 2003
    Hi, That will be my next article. Half way through that. Anyway, let me answer your question here so that you can at least move on.

  1. Try this cmdlet, New-Mailbox -Organization <Org Name> -Name <User name> -UserPrincipalName <put email here> It should then prompt you for password, enter it and then it should create a mailbox in that organization. For example, New-Mailbox -Organization Provtest -Name "John Doe" -UserPrincipalName jdoe@provtest.com
  2. When you create a mailbox for that organization, the new-mailbox has to know which context it is in so that it knows how to handle the mailbox, things like address list stamped and etc. I don't believe the enable-mailbox cmdlet has that built in yet to allow enabling mailbox for existing AD user.

  • Anonymous
    January 01, 2003
    No, you don't have to but that's definitely one way to do it. :) Just create the new mailbox and then add the management role to that mailbox.

  • Anonymous
    January 01, 2003
    Hi JK, if you go back up to this article, you will notice my cmdlet is something like this, New-Organization -Name ProvTest -DomainName provtest.com -Location en-US -ProgramID HostingSample -OfferID 2 -AdministratorPassword (get-credential).password Note the last portion "-AdministratorPassword....." You need that.

  • Anonymous
    January 01, 2003
    Hi Pderover, I do not believe this is possible at the moment with the default setting. However, it isn't impossible. The key lies with the RBAC. If you need to create additional groups and permissions and manually assign them.

  • Anonymous
    January 01, 2003
    I am glad it has helped you. It is my pleasure.

  • Anonymous
    January 01, 2003
    Hi Brian, I have no problem inserting multiple mailbox plan into the service plan and create the organization with that in my SP1 beta. I will be updating to SP1 RTM shortly. Anyway, can you share your ServicePlan?

  • Anonymous
    January 01, 2003
    Hmmm... Ideally, there should be a New-MailboxPlan that should be able to create for the specific organization. However, it seems like this cmdlet isn't exposed to the Administrator and it is being called only in the New-Organization cmdlet. I didn't have a in-depth look into this though. That's why you can add multiple mailbox plan into the service plan and it will create multiple mailbox plan into the Org. We should revisit this to see how this will look like in SP1 RTM which should be soon.

  • Anonymous
    January 01, 2003
    Hi Peter. I was in the midst of compiling a blog post on this. Anyway, the problem has to do with the permissions elements in your second mailbox plan. Only the default one should have the permission element. Remove the permission elements, then you should be able to create multiple mailbox plan. I will explain a little bit in my blog post. Try that.

  • Anonymous
    July 08, 2010
    Very cool stuff! It seems that the TCO on Exchange 2010 hosting is much lower with the new method of provisioning Organizations. At least to me it looks like you can save quite a few server roles compared to HMC. Can't wait to get started with this! Thanks for sharing the SPLA stuff by the way.

  • Anonymous
    August 23, 2010
    How do I add a second mbx plan for an organization?

  • Anonymous
    August 27, 2010
    Hello, We are not able to add second mailbox plan in service plan and getting the below error. Please suggest what can be done to fix this. Service plan XXservicesplanHostingAllFeatures is in an inconsistent state. Service plan dependency check failed. Feature "!PerMBXPlanRoleAssignmentPolicyEnabled" is set to "True". It depends on feature "MailboxPlans", which is set to "False". + CategoryInfo : NotSpecified: (:) [Update-ServicePlan], InvalidOperationException + FullyQualifiedErrorId : 789AD023,Microsoft.Exchange.Management.Deployment.UpdateServicePlanTask

  • Anonymous
    September 22, 2010
    Hi, I was playing around with the Hosting feature. When I create a new tenant organization via the New-Organization cmdlet, it didn't prompt me for the Administrator password and as a result, no tenant administrator is created. Any idea what's happening here? I guess I could do it manually via the New-Mailbox cmdlet and then adding in all the required RBAC roles .......

  • Anonymous
    September 23, 2010
    Hi, yup, I just saw that. Thanks for the speedy response. Strange that the technet documentation says that I will be prompted for a password without this parameter. Now I have a tenant organization with no tenant administrator :/ Any quick and easy way to add one in? :P (besides the usual RBAC routines ...) Perhaps I should just delete the organization and re-create it instead.

  • Anonymous
    September 30, 2010
    Is there a way to remove an organization? If so what is the syntax?

  • Anonymous
    October 18, 2010
    How do you handle multiple mailplans that have been configured in a single serviceplan, where the feature like active sync is enabled for one but not another? "Service plan dependency check failed. Feature "ActiveSyncDeviceDataAccessPermissions" is set to "True". It depends on feature "ActiveSyncEnabled", which is set to "False".

  • Anonymous
    October 25, 2010
    Any news regarding possibility to use the Enable-Mailbox cmdlet to enable existing AD accounts, or is it "written in stone" that we have to create new users ?

  • Anonymous
    February 19, 2011
    Really great Articles, thx for this! I have a question please: How do I add a second and third (and so on) Domain to a single Organization that can only be seen and used by this Organization. Is this possible? Does "New-AcceptedDomain" add the Domain to all Orgs, right?

  • Anonymous
    October 30, 2011
    Server was unable to process request. ---> Could not find file 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ServicePlans\ServicePlanRemap.csv'. ---> Could not find file 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ServicePlans\ServicePlanRemap.csv'. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at WebsitePanel.EnterpriseServer.ExchangeHostedEditionController.CreateOrganization(Int32 packageId, String organizationId, String domain, String adminName, String adminEmail, String adminPassword)

  • Anonymous
    January 26, 2012
    There are numerous posts requesting to not use the /hosting switch due to lack of features. The only issue I am experiencing with the on-premise installation is that the serviceplans folder is missing therefore getting errors: "Server was unable to process request. ---> Could not find a part of the path 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ServicePlans\ServicePlanRemap.csv'. ---> Could not find a part of the path 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ServicePlans\ServicePlanRemap.csv'. at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at WebsitePanel.EnterpriseServer.ExchangeHostedEditionController.CreateOrganization(Int32 packageId, String organizationId, String domain, String adminName, String adminEmail, String adminPassword) Is there a way around this? Any info would be greatly appreciated. Thanks