Multi Tenant Hosting

[This is pre-release documentation and subject to change in future releases.][This topic's current status is: Writing]

Microsoft Exchange Server 2010 SP1 supports hosting deployments and provides Hosting Partners the core feature-set of Exchange Server in a manner that can be deployed to multiple customers in a single installation, and provides ease of management and flexibility of provided features to end-users.

Using Exchange 2010 SP1 Hosting Deployment Guide

Exchange Server 2010 SP1 Hosting Deployment guide is organized to rely primarily upon the Exchange 2010 core content with the hosting deployment differences highlighted. For more information, see Getting Started with Exchange 2010 Hosting Deployment.

This document is for the beta release of Exchange SP1 and is considered pre-release documentation and subject to change in future releases. Each topic in this help file has the topic's writing status displayed at the top of the page. For more information about the meaning of the writing status, see Topic Status.

© 2010 Microsoft Corporation. All rights reserved. Legal Information


The hosting solution available for Exchange 2010 SP1 includes most of the features and functionality available in Exchange 2010 SP1 Enterprise deployments, but also includes features and functionality that will allow you to create and manage tenant organizations.

Microsoft Exchange Server 2010 SP1 will form part of the suite of multi-tenant capable products that will replace the Hosted Messaging and Collaboration 4.5 solution.

What's Available in Exchange 2010 SP1 Hosting Deployments

The following features and functionality are unique to hosting deployments:

� Hosting Installation When you install Exchange 2010 SP1 for hosting deployments, you will run the installation from the command line and include the /hostingswitch. Once installed, your servers will be running in Hosting Mode.

� Tenant Organization Configuration Because you will be creating and managing multiple organizations in the hosting deployment, you can use cmdlets and parameters that aren't available to Enterprise deployments. For more information, see Checklist: Create a Tenant Organization.

� Service Plans A service plan allows you to enable or disable certain features when deploying tenant organizations. They simplify tenant administration by automatically setting up feature configuration and automatic feature provisioning of mailboxes. In addition, service plans allow you to grant the correct set of RBAC permissions to tenant based on available features.

� Mailbox Plans A mailbox plan is a template that automatically populates multiple user properties and assigns default permissions to new or existing user accounts. You use mailbox plans to provision accounts for a particular user population with a common default configuration.

For more information, see Understanding Service Plans and Mailbox Plans.

What's not available in Exchange 2010 SP1 Hosting Mode

Exchange 2010 SP1 doesn't support the following features in Hosting mode:

� Exchange Management Console

� Public Folders

� Unified Messaging Server role

� Federation

� Business-to-Business features such as cross-premises message tracking and calendar sharing

� IRM

Exchange Server 2010

Exchange Server 2010 SP1 Hosting Deployment Guide (Beta)

��

��

��

��

��

��

��


Getting Started with Exchange 2010 Hosting Deployment

Exchange Server 2010 SP1 Hosting Deployment Guide (Beta) >

��

��

��

��

��

��

��

of 28Exchange Server 2010 SP1 Hosting Deployment Guide (Beta)

21/06/2011file:///C:/Users/wayne.james/AppData/Local/Temp/~hh58A7.htm

� Outlook 2003 support (EnableLegacyOutlook)

� Edge Transport Server role


[This is pre-release documentation and subject to change in future releases.][This topic's current status is: Content Complete]

Applies to: Exchange Server 2010 SP1

The Topic Status located at the top of each topic indicates the current state of the content in the topic. The following table describes the various status values that are used by the Microsoft Exchange documentation team.

Topic status values in Exchange 2010 documentation



The topics in this section can help you plan the deployment of Microsoft Exchange Server 2010 into your production environment. See "Establish a Test Environment" later in this topic about installing Exchange 2010 in a test environment prior to deploying into production.

Checklist

Use this checklist to plan for your Exchange 2010 SP1 Hosting Deployment. In most cases, the information is the same for Enterprise deployments and Hosting deployments. However, hosting deployments has a requirement or step that is different from the Enterprise deployment, that change will be noted in the "Hosting Deployment Differences" column.

Before you begin, make sure that you are familiar with the following information:

� Planning for Exchange 2010

�


Topic Status

Exchange Server 2010 SP1 Hosting Deployment Guide (Beta) > Getting Started with Exchange 2010 Hosting Deployment >

��

��

��

��

��

��

��

Value Description

Writing Not Started The topic is present in the table of contents, but it contains either no content or incomplete content. Incomplete content could include legacy Exchange documentation.

Writing Content is being written or updated.

Ready for Tech Review Content is ready to be reviewed by subject matter experts.

In Tech Review Content has been submitted for review.

Revising Per Tech Review

Review comments are being analyzed and incorporated by the writer.

Editing Content is being edited for syntax, structure, and technical accuracy.

Revising Per Edit Edits are being analyzed and incorporated by the writer.

Back to Editor Content has been revised per edits and is being analyzed and incorporated by editor.

Ready for Copy Edit Content is ready for copy edit.

Revising Per Copy Edits Copy edits are being analyzed and incorporated by the editor.

Milestone Ready Content has been reviewed for technical accuracy and edited.

Content Complete Content is complete and is applicable to the release to manufacturing (RTM) version of Exchange 2010.


Planning Checklist for Hosting Deployments


��

��

��

��

��

��

��

Done? Tasks Topic Hosting Deployment Differences

Review System Requirements to ensure that your network, hardware, software and clients meet the requirements for Exchange 2010.

Exchange 2010 System Requirements

Exchange 2010 must be deployed in a new forest at Windows Server 2008 functional level.

Review the Planning Roadmap to help you prepare your organization for deployment.

Planning Roadmap for New Deployments

The Exchange Deployment Assistant doesn't support Hosting deployments.

Review Mailbox Sizing Requirements to design your storage.Mailbox Server Storage Design



Establish a Test Environment

Before installing Exchange 2010 for the first time, we recommend that you install it in an isolated test environment. This approach reduces the risk of end-user downtime and negative ramifications to the production environment.

The test environment will act as your “proof of concept” for your new Exchange 2010 design and make it possible to move forward or roll back any implementations before deploying into your production environments. Having an exclusive test environment for validation and testing allows you to do pre-installation checks for your future production environments. By installing in a test environment first, we believe that your organization will have a better likelihood of success in a full production implementation.

For many organizations, the costs of building a test lab may be high because of the need to duplicate the production environment. To reduce the hardware costs associated with a prototype lab, we recommend the use of virtualization by using Windows Server 2008 R2 Hyper-V technologies. Hyper-V enables server virtualization, allowing multiple virtual operating systems to run on a single physical machine.

For more detailed information about Hyper-V, see Virtualization with Hyper-V. For information about Microsoft support of Exchange 2010 in production on hardware virtualization software, see "Hardware Virtualization" in Exchange 2010 Multi-Tenant System Requirements.



The deployment phase is the period during which you install Microsoft Exchange Server 2010 into your production environment. Before you begin the deployment phase, you should plan your Exchange organization. For more information, see Planning for Exchange 2010 Multi-Tenant.

� Unified Messaging

� Edge Transport

Installation Checklist to deploy Exchange 2010 in a new forest

Use this checklist to deploy your Exchange 2010 SP1 Hosting Deployment. In most cases, the information is the same for Enterprise deployments and Hosting deployments. However, if the hosting deployment has a requirement or step that is different from the Enterprise deployment, that change will be noted in the "Hosting Deployment Differences" column.

Before you begin, make sure that you are familiar with the following information:

� Deploying Exchange 2010


Deployment Checklist for Hosting Deployments


��

��

��

��

��

��

��

Note: The following server roles are not supported for Hosting Deployments:

Important: If Active Directory isn't prepared using the /hosting switch, you will need to clean up active directory and prepare it again for hosting mode. If you have an existing Exchange Enterprise installation, you should clean up the Exchange Hosting registry so that Enterprise features continue to function properly.

Done? Tasks Topic Hosting Deployment Differences

Confirm prerequisite steps are done. Exchange 2010 PrerequisitesExchange 2010 must be deployed in a new forest at Windows Server 2008 functional level.

Configure disjoint namespace Configure Disjoint Name Spaces

Install the Client Access server role New Installation of Excha n ge Server 2010

You must install Exchange 2010 from the command line in order to use the /hosting switch.

The following switches are not supported during installation:

� EnableLegacyOutlook

� LegacyRoutingServer

� AdamLdapPort

� PrepareLegacyExchangePermissions

� ActiveDirectorySplitPermissions

� AddUMLanguagePack

� RemoveUMLanguagePack



Post-Installation Checklist



Use this checklist to perform a build-to-build upgrade of Exchange Server 2010. Build-to-build upgrades are used to upgrade from different versions of Exchange, such as upgrading from the Beta version to the released version.

Before you start working with this checklist, make sure you're familiar with the concepts in:

� Planning Checklist for Hosting Deployments

� Deployment Checklist for Hosting Deployments

Checklist for performing a build-to-build upgrade

Return to top


Add digital certificates on the Client Access server role

Securing Client Access Servers

Enable Outlook Anywhere Enable Outlook Anywhere

Configure OAB and Web Services virtual directories

Enable or Disable SSL on Exchange Web Services Virtual Directories

Install the Hub Transport server role Install Exchange 2010 in Unattended ModeYou must install Exchange 2010 from the command line and you must use the /hosting switch.

Install the Mailbox Server role Install Exchange 2010 in Unattended ModeYou must install Exchange 2010 from the command line and you must use the /hosting switch.

Verify your Exchange 2010 Installation Verify an Exchange 2010 Installation

Done? Tasks Topic Notes

Enter Product Key Enter Product Key

Disable the Exchange Control Panel

Disable the Exchange Control PanelIf your organization provides an interface for tenant admins to administer the tenant organizations, you need to disable the ECP.

Create a Tenant Organization

Checklist: Create a Tenant OrganizationIf you are enabling Open Domains, you will want to disable mail tips for privacy purposes.

Autodiscover Redirection

Enable Antispam AgentsEnable the Antispam Agents on the Hub Transport server for Hosting


Checklist: Exchange 2010 Build-to-Build Upgrade for Hosting Deployments

Exchange Server 2010 SP1 Hosting Deployment Guide (Beta) > Deployment Checklist for Hosting Deployments >

��

��

��

��

��

��

��

Done? Tasks

Upgrade all servers and all server roles by using the

Setup.com /m:upgrade command.

On the computer that you upgraded, verify that the upgrade occurred by running the following command:

Verify that this is the latest version.

Copy CodeGet-ExchangeServer | FL *version*

Check the setup log files for any errors. The setup logs can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.

Modify customized service plans.


Open an Exchange Management Shell session on a Client Access server and then for each tenant, upgrade the organization.

For more information, see Upgrade a Tenant Organization.

Verify that the mailflow is still working for each tenant organization. You can use the Exchange Remote Connectivity Analyzer to test mail flow.

Additionally, you can use the Test-Mailflow cmdlet.

Verify that the BuildMajor and BuildMinor properties are update in organization objects by running the following command:

Copy CodeGet-Organization -Identity <Tenant Organization> | FL Build*


Disable the Exchange Control Panel




If your hosting organization is going to provide an interface for tenant admins to control their tenant organization, you will need to disable ECP.

Create the registry key to disable ECP

Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

1. Click Start > Run.

2. In the open field, type regedit, and then click OK.

3. Navigate to the following registry subkey:

\\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\V14

4. In the tree, right-click on V14, select New, and then click DWORD (32-bit) Value.

5. The new DWORD displays in the results pane.

6. Rename the key by typing OMECPDisabled.

1. Restart the Microsoft Exchange Information Service for the changes to take affect.


[This is pre-release documentation and subject to change in future releases.][This topic's current status is: Writing Not Started]

Because Edge Transport Server isn't available for Exchange 2010 SP1 deployments in hosting mode, you will need to run Microsoft Exchange Server 2010 anti-spam features on Hub Transport servers. This topic describes how to enable Microsoft Exchange anti-spam functionality on Hub Transport servers.

To install and enable the anti-spam features on a Hub Transport server, you must run the Install-AntispamAgents.ps1 script. This script is installed when you run Exchange Setup. After you run the script, you must restart the Microsoft Exchange Transport service to finish the installation of the following anti-spam features:

� Connection filtering

� Content filtering

� Sender ID

� Sender filtering

� Recipient filtering

� Sender reputation

Looking for other management tasks related to managing anti-spam and antivirus features? Check out Managing Anti-Spam and Antivirus Features.


��

��

��

��

��

��

��

Note: This procedure will disable ECP for all tenants and you must perform this procedure on all CAS servers in your organization.

Note: You don't need to assign a value to the registry key.


Enable the Antispam Agents on the Hub Transport server for Hosting


��

��

��

��

��

��

��

Important: Most Exchange 2010 documentation doesn't refer to the anti-spam features in the context of the Hub Transport server. Therefore, as you read documentation about how to configure, manage, and maintain anti-spam features, remember that all functionality that's documented in the context of the Edge Transport server is also available on the Hub Transport server, unless specifically noted otherwise.



Enable anti-spam functionality on a Hub Transport server

After you run the Install-AntispamAgents.ps1 script, restart the Microsoft Exchange Transport service, and set the InternalSMTPServers parameter.

Run the Install-AntispamAgents.ps1 script

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Hub Transport server" entry in the Transport Permissions topic.

1. Run the following command from the %system drive%/Program Files\Microsoft\Exchange Server\V14\Scripts folder.

2. After the script has run, restart the Microsoft Exchange Transport service by running the following command.

Use the Shell to set the InternalSMTPServers parameter

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Hub Transport server" entry in the Transport Permissions topic.

You must specify all internal SMTP servers on the transport configuration object in Active Directory forest before you run connection filtering. Specify the internal SMTP servers by using the InternalSMTPServers parameter on the Set-TransportConfig cmdlet.

The following example adds the internal SMTP server addresses 10.0.1.10 and 10.0.1.11 to the transport configuration of your organization.



AutoDiscover redirection permits the tenant organizations to connect to the hosting organization by using a single instance of AutoDiscover. AutoDiscover redirection also permits all of the tenants to use the same SSL certificate.

In order to use AutoDiscover features with hosted e-mail domains, you must set up and configure a site that will function as a redirector to the main Exchange AutoDiscover Web site. For each hosted e-mail domain that you offer, an alias (CNAME) will be setup in DNS to refer AutoDiscover capabilities to this AutoDiscover Redirection Web site. This AutoDiscover Redirection Web site will re-direct the users to the main Exchange AutoDiscover Web site which will then provide the correct information to Outlook clients.

To configure AutoDiscover redirection, you must complete the following steps:

Step 1 Setup the AutoDiscover redirect site

Step 2 Configure the Client Access servers to handle AutoDiscover requests

Step 3 Setup the DNS record for the tenant organization.

This topic documents the first two steps. To setup the DNS record for the tenant organization, see Configure Autodiscover Redirection for the Hosting Organization.

For more information about Autodiscover, see Understanding the Autodiscover service.

Prerequisites

You must have a server running Internet Information Services (IIS) 7. For more information, see IIS 7 Installation and Deployment.

The Client Access Server and the Domain Controller can't be the same server.

Setup the AutoDiscover redirection site

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "<Feature>" entry in the <link to Feature Permissions> topic.

Copy Code./install-AntispamAgents.ps1

Copy CodeRestart-Service MSExchangeTransport

Important: For all anti-spam features to work correctly, you must have at least one IP address of an internal SMTP server set on the InternalSMTPServers parameter on the Set-TransportConfig cmdlet. If the Hub Transport server on which you're running the anti-spam features is the only SMTP server in your organization, enter the IP address of that computer.

Copy CodeSet-TransportConfig -InternalSMTPServers 10.0.1.10,10.0.1.11


Configure Autodiscover Redirection for the Hosting Organization


��

��

��

��

��

��

��



1. On the server that will be running IIS and the Autodiscover redirect, install the HTTP Redirection module. For more information, see Configure the Web Server to Redirect Requests to a Relative Destination (IIS 7).

2. Create a virtual website for Autodiscover redirection.

1. On the Server that is running IIS manager, open the IIS manager.

2. In the console tree, expand the server.

3. Right-click on Sites, and then click Add Web Site.

4. In the Site name field, type AutodiscoverRedirection.

5. Select a Physical path to the virtual website. For example D:\Autodiscover Redirection.

6. In the binding section, complete the following options

Type: http

IP address: Type or select the explicit IP Address to the redirection server.

7. Click OK.

3. Create a virtual directory for Autodiscover redirection.

1. In the console tree, right-click on the AutodiscoverRedirection website, and then select Add Virtual Directory.

2. In the Add Virtual Directory dialog box, complete the following options:

Alias: Autodiscover

Physical path: Select the physical path to the virtual directory. This should be a sub folder of the Autodiscover Redirection virtual website that you created in the previous step. For example D:\Autodiscover Redirection\Autodiscover.

3. Click OK.

4. Configure HTTP Redirection for Autodiscover.

1. In the console tree, click on the Autodiscover virtual directory. In the results pane double-click on HTTP Redirect.

2. Click the Redirect requests to this destination checkbox.

3. Type the autodiscover redirection address. For example, https://mail.contoso.com/autodiscover. This address will match the ExternalURL that you will use in configuring Client Access servers to handle the Autodiscover requests.

Configure the Client Access servers to handle AutoDiscover requests


1. Enable Outlook Anywhere by using the Enable-OutlookAnywhere cmdlet. You must set the following options:

� DefaultAuthenticationMethod: Basic

� ExternalHostName: The ExternalHostName specifies the host name that users outside of the organization will connect to Outlook Anywhere. For example, mail.contoso.com.

� SSLOffloading: $false

This example enables the server Server01 for Outlook Anywhere. The external host name is set to mail.contoso.com, Basic authentication is used, and SSL offloading is set to $false.

2. Configure the AutoDiscover Virtual Directory by using the Set-AutoDiscoverVirtualDirectory cmdlet. You must set the following options:

� BasicAuthenication: $true

� InternalURL: The url that is used to connect to the virtual directory from outside the organization. Use /autodiscover at the end of the URL to specify the autodiscover virtual directory.

� ExternalURL: The url that is used to connect to the virtual directory from inside the organization. Use /autodiscover at the end of the URL to specify the autodiscover virtual directory.

This example sets the InternalURL and ExternalURL of the default autodiscover virtual directory to https://mail.contoso.com/autodiscover with basic authentication enabled.

3. Set the OAB Virtual Directory by using the Set-OABVirtualDirectory cmdlet. You must set the following options:

� RequireSSL: $true

� InternalURL: The InternalURL specifies the URL that is used to connect to the virtual directory from inside of the organization. Use /OAB at the end of the URL

Copy CodeEnable-OutlookAnywhere -Server Server01 -ExternalHostname mail.contoso.com -DefaultAuthenticationMethod:Basic -SSLOffloading $False

Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -ExternalURL 'https://mail.contoso.com/autodiscover' -InternalURL 'https://mail.contoso.com/autodiscover'



to specify the OAB virtual directory.

� ExternalURL: The ExternalURL specifies the URL that is used to connect to the virtual directory from outside of the organization. Use /OAB at the end of the URL to specify the OAB virtual directory.

� BasicAuthentication: $true

This example sets the default OAB virtual directory that resides on Server01 to require SSL, and sets the internal URL and external URL to https://www.contoso.com/OAB. It also sets the authentication method to basic authentication.

4. Set the Web Services Virtual Directory by using the Set-WebServicesVirtualDirectory cmdlet. You must set the following settings:

� ExternalURL: The ExternalURL specifies the URL that is used to connect to the virtual directory from outside of the organization. Use /EWS/Exchange.asmx at the end of the URL to specify the web services virtual directory.

� InternalURL: The InternalURL specifies the URL that is used to connect to the virtual directory from inside of the organization. Use /EWS/Exchange.asmx at the end of the URL to specify the web services virtual directory.

� BasicAuthentication: $true

This example sets the authentication method to Basic authentication for the virtual directory EWS on the server SERVER01. This example also sets the external and internal URLs for this virtual directory to https://www.contoso.com/EWS/Exchange.asmx.

Other Tasks

After you Configure AutoDiscover redirection, you may also want to Configure Autodiscover Redirection for the Hosting Organization.



Use this checklist to create a new tenant organization.

Before you start working with this checklist, make sure you're familiar with the concepts in:

� Understanding Service Plans and Mailbox Plans

Checklist for Creating a Tenant Organization

Return to top

Checklist for Tenant Organizations

Tenant organizations need perform the following tasks to ensure that they can connect to the hosted environment.


Set-OABVirtualDirectory -Identity "Server1\OAB (Default Web Site)" -ExternalUrl "https://www.contoso.com/OAB" InternalURL-BasicAuthentication $true

Set-WebServicesVirtualDirectory -Identity "SERVER01\EWS(default Web site)"-BasicAuthentication $true -ExternalUrl https://www.contoso.com/EWS/exchange.asmx


Checklist: Create a Tenant Organization


��

��

��

��

��

��

��

Done? Tasks

(Optional) Create a Service Plan for a Tenant Organization

This includes defining the properties for a mailbox plan. If you already have service plans in place, you can skip this step.

(Optional) Add a Service Plan to the Service Plan Map

If you already have service plans in place and they are already mapped, you can skip this step.

Copy the Service Plans and Service Plan maps across all CAS servers.

Verify a New Service Plan


Configure Autodiscover Redirection for the Hosting Organization

Verify the Tenant Organization

Done? Tasks

Connect Tenant Organization to Autodiscover





Service plans and mailbox plans allow you to easily provision tenant organizations with Exchange features so that the settings are automatically configured for each new tenant organization. This reduces the overhead of individually setting up and customizing features for each tenant organization.

For more information about how to setup a tenant organization, see Checklist: Create a Tenant Organization.

Service Plans

Service plans allow you to enable or disable Exchange features, define permissions, and customize offerings to customers. It is also within service plans that you create your mailbox plans. These plans are to be used as a starting point for creating your own organizations.

The Service Plan contains two sections:

� Organization The Organization section allows you to modify settings that affect the entire tenant organization. You can set Global Elements, Permission Elements, and Quota Elements.

� Mailbox Plans You can create descriptions of multiple mailbox plans that the tenant organization has available and these plans affect individual mailbox or user settings, such as access to ActiveSync and EWS, and send and receive quotas. For more information about Mailbox Plans, see the Mailbox Plans section later in this topic.

Service Plan Templates

When you install Exchange 2010 SP1 with the /hosting switch, three service plan templates are made available for your use. We expect that you will customize these templates to meet your needs.

Service plan templates are in the following location: <Exchange Installation Path>\Exchange Server\V14\ClientAccess\ServicePlans.

� HostingAllFeatures.serviceplan

This template contains all Exchange features available to tenant organizations.

� HostingBusinessMapi.serviceplan

This template can be used for provisioning business organizations that use MAPI and other protocols for client access.

� HostingBusinessNonMapi.serviceplan

This template can be used for provisioning business organizations that use OWA, POP, IMAP, or EAS for client access. These organizations do not use MAPI.

Service Plan Best Practices

The goal of service plans is to allow you to create just a few service plans to become the templates for all of your tenant organizations. Creating too many service plans can become very hard to manage.

Making sense of the ProgramID, OfferID and ServicePlan designations in the ServicePlanHostingRemap.csv file

When you create a service plan, you add the service plan to the Service plan remap file. This file maps the program ID, Offer ID and service plan name.

The ProgramID can be thought of as an offering level, such as Business. Then the OfferID can be used as a sub-offering level, such as Medium Org or Small Org.

When you create a new organization, you must provide the program ID and Offer ID in the New-Organization command. Those two IDs will allow the command to see which service plan to use for the organization.

Example

For example, Contoso.com, which is an e-mail hosting provider has created 3 service plans to manage all of their tenant organizations:

Understanding Service Plans and Mailbox Plans

Exchange Server 2010 SP1 Hosting Deployment Guide (Beta) > Checklist: Create a Tenant Organization >

��

��

��

��

��

��

��

Mailbox PlanSpecifies a set of Exchange features that needs to be enabled on a mailbox in the tenant organization. Tenant organizations can have multiple mailbox plans. Mailbox plans are assigned to the tenant organization by the Service Plan. The mailbox plan is an Active Directory object and is used by cmdlets that provision mailboxes, such as New-Mailbox and Enable-Mailbox.

Service PlanA service plan is a list of Exchange features, resource limits, and RBAC permissions available for a tenant organization. In addition, service plans contains descriptions and property values of one or more mailbox plans.

Service Plan template

The service plan templates are XML files that contain organizational and mailbox features that you can offer you tenant organizations. You can use the templates to create custom service plans or custom mailbox plans.

Note: All CAS Servers must have exact copies of all of the Service plans that you create and modify. If you don't have exact copies of all service plan files, then mailboxes may be provisioned differently within the same organizations.



After some time offering these programs, Contoso decides to stop offering the SmallBusiness.serviceplan offering. So, the administrator edits the ServiceMapHostingRemap.csv file so that the Business, SmallOrg program id and offerid now point to MediumBusiness.serviceplan and new when new organizations are created, they will automatically be setup with the Medium business offerings even if they have the small business program and offer ids.

And in order for the new service plan to get implemented on the current small orgs, you will need to run the Update-ServicePlan command.

Mailbox Plans

A mailbox plan is a template that automatically populates multiple user properties and assigns default permissions to new or existing user accounts. The mailbox plan is an Active Directory object and is used by cmdlets that provision mailboxes. You use mailbox plans to provision accounts for a particular user population with a common default configuration.

You can use the Get-MailboxPlan cmdlet to query existing mailbox plans and you can use the Set-MailboxPlan cmdlet to modify existing mailbox plans.

Within an organization, you can create mailboxes based on different mailbox plans included in the service plan.

For example, Alpine Ski House, which consists of a headquarters office and several stores, has two mailbox plans in their tenant organization: Level 1 and Level 2. The Level 1 users in their organization include those who work at the headquarters and are heavy e-mail users. The Level 2 users are store managers who only use e-mail to receive information updates and memos from head quarters. Level 1 mailboxes get 1 GB mailboxes, 1 GB archives, are able to send mail to users outside of the organization, and are able to create and manage distribution groups. The Level 2 users get 300 MB mailboxes, no archive and can only send and receive e-mail from within the organization.



This topic is a reference for the features that are configurable within service plans.

By default, Boolean features that aren't listed in the service plan will not be enabled.

Service plans enforce certain interdependencies between features and not all combinations of features make sense. Provisioning a new organization will fail if dependencies are broken, if an unknown feature is referenced, or the XML schema is invalid for given service plan, such as the features not being listed in alphabetic order.

Service plan templates are in the following location: <Exchange Installation Path>\Exchange Server\V14\ClientAccess\ServicePlans.For more information, see Understanding Service Plans and Mailbox Plans.

Organization

Organization section includes features that apply to the entire tenant organization. Through the Organization section, you can modify the following sub sections: global elements, permission elements, and quota elements.

Global Elements

Global elements determine which features will be permitted for the entire organization.

ProgramId, OfferId

ServicePlan Name Features

Business, SmallOrg SmallBusiness.serviceplanGets basic business productivity offerings such as mailtips, offline address books and OutlookAnywhere and up to 50 mailboxes.

Business, MedOrg MediumBusiness.serviceplanGets basic business offerings and up to 250 mailboxes.

Business, LargeOrg LargeBusiness.serviceplanGets the basic business offerings plus advanced business offerings such as journaling, and moderated recipients and up to 5000 mailboxes.


Configurable Features for Service Plans and Mailbox Plans

Exchange Server 2010 SP1 Hosting Deployment Guide (Beta) > Checklist: Create a Tenant Organization > Understanding Service Plans and Mailbox Plans >

��

��

��

��

��

��

��

Note: You can verify a service plan by running the New-Organization cmdlet with the WhatIf parameter.

Feature Description Additional Configuration

AddressListEnabledThis property specifies that when the new tenant organization is created, the precanned address lists such as All Rooms and All Contacts are created.

ApplicationImpersonationEnabledThis property specifies that impersonation rights will be granted to the tenant organization administrator for any user mailbox.

AutoForwardEnabledThis property parameter specifies whether to allow messages that are auto-forwarded by client e-mail programs in your organization. Setting this parameter to $true enablesauto-forwarded messages to be delivered to remote domains.

AutoReplyEnabledThis property specifies whether to allow messages that are automatic replies from client e-mail programs in your organization. Setting this parameter to $true enables automatic replies to be delivered to remote domains.

CommonConfiguration

HideAdminAccessWarningEnabledThis property specifies that users will not be warned that an administrator has access



Permission Elements

Organizational permission elements configure the RBAC rights that will be available to the tenant organization's administrator. If the properties are set to True, and there is ECP UI available for that feature, the tenant admin will have the ECP UI available to administer this feature. If the property is set to False, the ECP UI will be unavailable for the tenant administrator. In addition, if the property is not listed, it will not be enabled.

rights to their mailbox.

MailtipsEnabled This property specifies that the tenant organization has Mailtips enabled.

OffineAddressBookEnabled This property specifies that the organization has Offline Address Books available.

You will need to properly configure OABs for this organization. For more information, see Create Offline Address Book.

PermissionManagementEnabledThis property specifies that the tenant administrator will be able to assign permissions to users.

SearchMessageEnabled

This property specifies that the tenant administrator will have the Discovery role assignment and the Discovery mailboxes RBAC permissions.

By default, the tenant administrator doesn't have the Discovery Management role for permissions to discovery mailboxes and only have the ability to delegate the discovery management role. The Discovery Management role which provides the ability to run Discovery cmdlets and gives permission to the default discovery mailboxes. The tenant administrator can delegate the role to himself/herself or to others.

Add a User to the Discovery Management Role Group.

SkipToOUandParentalControlCheckEnabled This property enables OWA redirection.

SMTPAddressCheckwithAcceptedDomainEnabledThis property checks the SMTP address with accepted domains for mail users and mail contacts.


ActiveSyncDeviceDataAccessPermissionsThis property specifies that the tenant administrator has permissions to retrieve information about the Exchange ActiveSync devices used within their Organization as well as clear the user's device (Privacy restricted).

This should be used in conjunction with ActiveSyncPermissions

ActiveSyncPermissionsThis property specifies that the tenant administrator has permission to manage ActiveSync access and policies for their users.

This should be used in conjunction with ActiveSyncDeviceDataAccessPermissions.

ArchivePermissionsThis property specifies that the tenant administrator has permission to manage archive permissions for their users.

CalendarConnectionPermissions

This property specifies that tenant administrators can configure the new Calendar Connection, which allows users to outside their organization to view/edit their calendar, view/edit others’ calendars and subscribe to published calendars on the Internet.

ChangeMailboxPlansAssignmentPermissionsThis property specifies that tenant administrators can change mailbox plans for users in their organization.

EWSPermissionsThis property specifies that tenant administrators can mange EWS access policies.

ImapPermissionsThis property specifies that tenant administrators can manage IMAP4 settings allowing them to enable, disable, or customize the settings.

JournalingRulesPermissions

This property specifies that the tenant administrator can manage journaling rules. Giving them the ability to record all communications, including e-mail communications in an tenant organization for use in the organization's e-mail retention or archival strategy (Privacy restricted)

LitigationHoldPermissionsThis property specifies that the tenant administrator has the ability to set litigation hold on a mailbox.

MailtipsPermissionsThis property specifies that the tenant administrator has the ability to assign permission to allow users to set or unset mail tips for their mailboxes.

ManagedFolderPermissionsThis property sepcifies that the tenant administrator has the ability to assign permission to allow users to configure their managed folders.

MessageTrackingPermissionsThis property specifies that the tenant administrator has the ability to manage the message tracking reports.

ModeratedRecipientPermissionsThis property specifies that the tenant administrator has the ability to control email delivery to protected distribution groups and users by restricting to and pending from an email approval process.

NewUserPasswordManagementPermissionsThis property specifies that the tenant administrator has the ability to create a password when creating a new mailbox.

OrganizationalAffinityPermissionsThis property specifies that the tenant administrator has permission to turns off "Work Week" and "Automatically process requests and responses from external senders".

OutlookAnywherePermissionsThis property specifies that the tenant administrator has the ability to enable OutlookAnywhere access for users.

OWAMailboxPolicyPermissionsThis property specifies that the tenant administrators can create and manage OWA mailbox policies.

OWAPermissionsThis property specifies that the tenant administrators can manage OWA features such as customizing OWA settings and setting themes.

PopPermissionsThis property specifies that the tenant administrators can manage POP3 settings allowing them to enable, disable, or customize the settings.

ProfileUpdatePermissionsThis property specifies that the tenant administrator has the rights to update user profile information.

RBACManagementPermissionsThis property specifies that the tenant administrator has the rights to manage RBAC roles, role assignments, role entries, and role scope.

RecipientManagementPermissionsThis property specifies that the tenant administrator has the right to create and remove mailboxes.

ResetUserPasswordManagementPermissionsThis property specifies that the tenant administrator can reset user passwords.



Quota Elements

When the following quota element maximums are reached, the tenant organization will be unable to create additional recipient types.

Mailbox Plans

Mailbox Plan Identifiers

Boolean Elements

Permissions Elements

RetentionTagsPermissionsThis property specifies that the tenant administrator can create and manage retention tags.

This feature requires Outlook 2010.

RoleAssignmentPolicyPermissionsThis property specifies that the tenant administrator can crate and mange role assignment policies.

SearchMessagePermissionsThis property specifies that tenant administrators have permission to search messages in compliance issues.

SetHiddentFromAddressListPermissionsThis property specifies that the tenant administrators can hid a mailbox from the address list.

SMSPermissionsThis property specifies that the tenant administrators can manage and enable SMS for user mailboxes.

TransportRulesPermissions

This property specifies that the tenant administrators can manage transport rules.

Transport Rules enables organizations to create rules based on conditions, exceptions, and actions. Conditions apply to users, distribution lists, and message contents. Exceptions let you exclude specific users, distribution lists, or SMTP connectors

UserMailboxAccessPermissions

Feature Description

ContactCountQuota This property specifies the maximum number of contacts allowed in the tenant organization's address list.

DistributionListCountQuota This property specifies the maximum number of distribution lists allowed in the tenant organization.

MailboxCountQuota This property specifies the maximum number of mailboxes allowed in the tenant organization.

MailUserCountQuota This property specifies the maximum number of mail user accounts allowed in the tenant organization.

RecipientMailSubmissionRateQuota This property specifies how many messages a mailbox can send. By default, this is unlimited.

Feature Description

MailboxPlanName This property specifies the name of the mailbox plan.

MailboxPlanIndex Each mailbox plan in this service plan must have a unique index number.

ProvisionAsDefault

This property specifies that the mailbox plan is the default mailbox plan. When new mailboxes are created and you do not specify a mailbox plan at that time the default mailbox plan will be applied to the mailbox.

This property can be overridden by tenant administrators who have permission to change the default mailbox plan.


ActiveSyncEnabled

This property specifies that ActiveSync is enabled for the user. ActiveSync lets you synchronize a mobile phone with your Exchange mailbox.

The default value is true.

You may create ActiveSync mailbox policies for the tenant org and may control de access privileges of devices.

EwsEnabled This property specifies that EWS is enabled for users of this mailbox plan.

ImapEnabledThis property specifies that IMAP4 is enabled for users of this mailbox plan. If users connect to their mailbox using IMAP4, they will not have advanced collaboration features such as calendaring, contacts, and tasks. The default value is True.

Start the Microsoft Exchange IMAP4 service through the Control Panel.

OrganizationalQueryBasedDNEnabledIf set to False, this property specifies that the user's QueryBaseDN will be set to point at the user's own object, meaning that the user will not be able to see other users in the organization.

OutlookAnywhereEnabledThis property specifies that OutlookAnywhere, formerly known as RPC over HTTP, is enabled for users of this mailbox plan.

PopEnabledThis property specifies that POP3 is enabled for users of this mailbox plan. If users connect to their mailbox using POP3, they will not have advanced collaboration features such as calendaring, contacts, and tasks.

Start the Microsoft Exchange POP3 service through the Control Panel.

ShowInAddressListEnabledThis property specifies that users of this mailbox plan will be displayed in the tenant organization's address list.

SkipResetPasswordonFirstLogonEnabledThis property specifies that users of this mailbox plan will not be required to change their password upon logging in to their e-mail account for the first time.

Property Description Dependencies

ActiveSyncDeviceDataAccessPermissionsThis property specifies that users have permissions to retrieve information about their Exchange ActiveSync devices and rights to clear them.

Use this property in conjunction with the ActiveSyncPermisssions.

ActiveSyncPermissionsThis property specifies that users can provision themselves for ActiveSync including deleting their own partnerships.

Use this property in conjunction with the ActiveSyncDeviceDataAccessPermissions.

AutoGroupPermissionsThis property specifies that users can create and manage distribution groups.

ImapPermissionsThis property specifies that users can manage IMAP for their own accounts.

This property specifies that users can manage mail tips for their own



Quotas Elements

If you set any of these properties on a user's mailbox, that mailbox setting overrides the value that is set for this attribute in the mailbox plan.



In order to create a Service Plan, we recommend that you start with one of the service plan templates. After you create the service plan, you will need to add the service plan information to the remap file.

For more information about service plans, see Understanding Service Plans and Mailbox Plans.

Prerequisites

� Read Configurable Features for Service Plans and Mailbox Plans.

Create a Service Plan


1. Navigate to the location where the service plan templates are stored.Service plan templates are in the following location: <Exchange Installation Path>\Exchange Server\V14\ClientAccess\ServicePlans.

2. Determine which service plan template meets your needs and open the template using NotePad.

3. Save the Service Plan template with a new name.

1. Modify the settings. For more information about the properties and their settings, see Configurable Features for Service Plans and Mailbox Plans.

2. If you are going to create multiple Mailbox Plans, copy the mailbox plan section starting with MailboxPlanName and ending with MailboxPlan and paste it after the MailboxPlan end section. Make sure that the mailbox plan is within the MailboxPlans section. You will need to change the following properties for the new mailbox plan:

� MailboxPlanName This property specifies the name of the mailbox plan, for example Gold, Silver, Bronze.

� MialboxPlanIndex This property must be unique for each mailbox plan.

MailtipsPermissions accounts.

MessageTrackingPermissionsThis property specifies that users have the ability to manage message tracking reports for their own sent and received messages.

ModeratedRecipientsPermissionsThis property specifies that users can control e-mail delivery to protected distribution groups and users by restricting "To" and "Pending From" e-mail approval process.

OrganizationalAffinityPermissionsThis property specifies that users can turn off "Work Week" and "Automatically process requests and responses from external senders". This property applies to open domain organizations.

PopPermissionsThis property specifies that users can enable, disable, and customize POP3 settings for their own account.

ProfileUpdatePermissionsThis property specifies that users can update their own profile information.

ResetUserPasswordManagementPermissions This property specifies that users can reset their own passwords.

RetentionTagsPermissionsThis property specifies that users can set retention tags on their folders and message items.

SMSPermissionsThis property specifies that users can enable SMS notifications on their own accounts.

UserMailboxAccessPermissions

Feature Description

MaxReceiveTransportQuota This property specifies the maximum size messages in bytes that mailboxes with this service plan can receive.

MaxRecipientTransportQuotaThis property specifies the maximum number of recipients per message to which that mailbox with this service plan can send. You must specify either an integer or "unlimited."

MaxSendTransportQuota This parameter specifies the maximum size messages in bytes that mailboxes with this service plan can send.

ProhibitSendReceiveMailboxQuotaThis property specifies the mailbox size in bytes at which mailboxes with this service plan can no longer send or receive messages.


Create a Service Plan for a Tenant Organization


��

��

��

��

��

��

��

Note: The service plan should be saved in the same location and it should have the .serviceplan extension.



� ProvisionAsDefault This property specifies that this mailbox plan is the default mailbox plan. When new users are created and you do not specify a mailbox plan at that time the default mailbox plan will be applied to the mailbox. You can only have one default mailbox plan.

3. Save the new service plan.

4. Add the service plan to the service plan map. For more information, see Add a Service Plan to the Service Plan Map.

5. Ensure that you have copied the service plan and the service plan map to all CAS servers.

Other Tasks

After you create the service plan, you should perform the following steps:

� Validate the service plan by running the New-Organization command against the new tenant organization with the WhatIf parameter. For more information, see Verify a New Service Plan.



After you create a new service plan, you need to add it to the ServicePlanHostingRemap.csv file so that when you create a new organization, the new organization can use the settings in the service plan. This file maps the program ID, Offer ID and service plan name.

The ProgramID can be thought of as an offering level, such as Business or Consumer. Then the OfferID can be used as a sub-offering level, such as Medium Org or Small Org.

When you create a new organization, you must provide the program ID and Offer ID in the New-Organization command. Those two ids will allow the command to see which service plan to use for the organization. This allows you to easily change the service plan if the service plan name or the service plan version changes, because the organization does not depend on the file name of the service plan.


Prerequisites

� Create a Service Plan for a Tenant Organization

Add the Service Plan to ServicePlanHostingRemap.csv


1. Navigate to the location where service plan templates are stored. Service plan templates are in the following location: <Exchange Installation Path>\Exchange Server\V14\ClientAccess\ServicePlans.

2. Locate the file ServicePlanHostingRemap.csv.

3. Open the file using an editing application, such as Notepad.

4. Add a new line and provide the following comma separated information for the new service plan:

� ProgramId The ProgramID specifies the service level offering that you are providing to your tenant organizations.

� OfferId The OfferID specifies a sub-service level offering.

� ServicePlanName The service plan name specifies the file name of the service plan.

1. Save and close the file.

2. Ensure that you have copied the service plan and the ServicePlanHostingRemap file across all CAS servers.

Other Tasks

After you add the service plan to the service plan map, you might want to create a new organization.

� Create a Tenant Organization



Add a Service Plan to the Service Plan Map


��

��

��

��

��

��

��





After you create a new service plan, you should validate the service plan against an organization by running the New-Organization command with the WhatIf parameter. Verifying the service plan before you onboard a tenant organization allows you to see what errors you would receive before running the command to create the organization. This command will also instruct you in errors or inconsistencies that exist in the service plan.

Verify the service plan against a new tenant organization

EXAMPLE 1

This example creates a tenant organization Contoso at Contoso.com.

You will be prompted to provide a password for the administrator.



This topic explains how to create a new tenant organization. When you create a new tenant organization using the New-Organization cmdlet, a tenant administrator is created automatically and you will be prompted to provide an administrator password.


EXAMPLE 1



Other Tasks

You may also want to perform the following tasks:

� Configure Autodiscover Redirection for the Hosting Organization



Verify a New Service Plan


��

��

��

��

��

��

��

Copy CodeNew-Organization -Name "Contoso.com" -DomainName "Contoso.com" -Location "en-us" -ProgramId "Business" -OfferId "SmallOrg" -WhatIf




��

��

��

��

��

��

��

Copy CodeNew-Organization -Name "Contoso.com" -DomainName "Contoso.com" -Location "en-us" -ProgramId "Business" -OfferId "SmallOrg"


Configure AutoDiscover Redirection for the Tenant Organization


��

��

��

��

��

��

��



Prerequisites

� Prereq 1

� Prereq 2

What Do You Want to Do?

� Bookmark link to procedure 1

� Bookmark link to procedure 2

Procedure heading


1. Step 1

2. Step 2

Other Tasks

After you <task>, you may also want to…

� Link to topic

� Link to topic

For More Information

Link to topic

Link to topic



Insert introduction here.

Subhead

Insert section body here.

Subhead




The following two commands are important components of the Exchange Management Shell help experience, but operate independently of the help file:


Managing Tenant Organizations


��

��

��

��

��

��

��


Cmdlet Reference for Hosting Deployments


��

��

��

��

��

��

��



Get-Command returns a list of all cmdlets available to the Shell.

Get-ExCommand returns a list of all cmdlets available to the logged in user.

Cmdlets

The following cmdlets listed in this section are those that are only available for Hosting Deployments. For more information about all Exchange cmdlets, see Exchange 2010 Cmdlets.

For more information about Enterprise cmdlets that have parameters that are only available for Hosting Deployments, see Parameters for Hosting Deployments.

� Remove-LinkedUser

� Get-Organization

� New-Organization

� Start-OrganizationUpgrade

� Complete-OrganizationUpgrade

� Get-RecipientEnforcementProvisioningPolicy

� New-RecipientEnforcementProvisioningPolicy

� Remove-RecipientEnforcementProvisioningPolicy

� Set-RecipientEnforcementProvisioningPolicy

� Update-ServicePlan



This topic explains how to manage tenant organizations by using either the organization scope or the organization context.

Organization Scope

Organization Context

EXAMPLES



Insert introduction here.

Subhead


Subhead


Organization Scope and Context

Exchange Server 2010 SP1 Hosting Deployment Guide (Beta) > Cmdlet Reference for Hosting Deployments >

��

��

��

��

��

��

��


Parameters for Hosting Deployments


��

��

��

��

��

��

��






Use the Remove-LinkedUser cmdlet to remove an existing linked user account.

Syntax

Parameters

Detailed Description

Input Types

Return Types

Errors

Examples

EXAMPLE 1

Insert descriptive text for example 1.

EXAMPLE 2



Remove-LinkedUser


��

��

��

��

��

��

��

Remove-LinkedUser -Identity <UserIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreDefaultScope

<SwitchParameter>] [-WhatIf [<SwitchParameter>]]

Parameter Required Type Description

Identity Required Microsoft.Exchange.Configuration.Tasks.UserIdParameter

The Identity parameter specifies the linked user. You can use any value that uniquely identifies the linked user. For example:

� Name

Distinguished name (DN)

Confirm Optional System.Management.Automation.SwitchParameterThe Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DomainController Optional Microsoft.Exchange.Data.FqdnThe DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

IgnoreDefaultScope Optional System.Management.Automation.SwitchParameter

The IgnoreDefaultScope parameter instructs the command to ignore the default recipient scope setting for the Exchange Management Shell session and use the entire forest as the scope. This allows the command to access Active Directory objects that aren't currently in the default scope. Using the IgnoreDefaultScopeparameter introduces the following restrictions:

WhatIf Optional System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

Error Description

Copy CodeInsert example commands for example 1.






Use the Get-Organization cmdlet to get information about tenant organizations.

Syntax

Parameters


You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "<Feature>" entry in the <topic link> topic.

Input Types

Return Types

Errors

Examples

EXAMPLE 1

This example returns information about all of the tenant organizations and lists them by name.

EXAMPLE 2

This example returns basic information about the tenant organization named Contoso.

EXAMPLE 2

This example returns detailed information about the tenant organization named Contoso.



Get-Organization


��

��

��

��

��

��

��

Get-Organization [-Identity <OrganizationIdParameter>] [-DomainController <Fqdn>] [-Filter <String>] [-ForReconciliation <SwitchParameter>]

[-ResultSize <Unlimited>]


Identity Optional Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter The Identity parameter specifies the identity of the tenant organization.

DomainController Optional Microsoft.Exchange.Data.FqdnThe DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory.

Filter Optional System.String This parameter is reserved for internal Microsoft use.

ForReconciliation Optional System.Management.Automation.SwitchParameter This parameter is reserved for internal Microsoft use.

ResultSize Optional Microsoft.Exchange.Data.Unlimited This parameter is reserved for internal Microsoft use.

Error Description

Copy CodeGet-Organization | format-table name

Copy CodeGet-Organization -Identity Contoso

Copy CodeGet-Organization -Identity Contoso | FL


New-Organization


��




Use the New-Organization cmdlet to create a tenant organization.

Syntax

Parameters


When you create a tenant organization a tenant administrator is created automatically and you will be prompted to provide an administrator password.


Input Types

Return Types

Errors

Examples

EXAMPLE 1

��

��

��

��

��

��

New-Organization -Name <String> -DomainName <SmtpDomain> -Location <String> -OfferId <String> -ProgramId <String> [-Administrator

<WindowsLiveId>] [-AdministratorNetID <NetID>] [-AdministratorPassword <SecureString>] [-AuthenticationType <Managed | Federated>] [-Confirm

[<SwitchParameter>]] [-CreateSharedConfiguration <SwitchParameter>] [-EnableFileLogging <SwitchParameter>] [-ExternalDirectoryOrganizationId

<Guid>] [-HotmailMigration <SwitchParameter>] [-IsDatacenter <SwitchParameter>] [-IsDirSyncRunning <$true | $false>] [-IsPartnerHosted

<SwitchParameter>] [-PartnerObjectId <Guid>] [-WhatIf [<SwitchParameter>]]


Name Required System.String The Name parameter specifies the name of the tenant organization.

DomainName Required Microsoft.Exchange.Data.SmtpDomainThis parameter specifies the primary SMTP domain of the tenant organization. For example, Contoso.com

Location Required System.StringThis parameter specifies the location of the organization, such as Country.

OfferId Required System.StringThis parameter specifies the OfferId that you provided in the ServicePlanHostingRemap.csv file.

ProgramId Required System.StringThis parameter specifies the ProgramId that you provided in the ServicePlanHostingRemap.csv file.

Administrator Optional Microsoft.Exchange.Data.WindowsLiveId This parameter is reserved for internal Microsoft use.

AdministratorNetID Optional Microsoft.Exchange.Data.NetID This parameter is reserved for internal Microsoft use.

AdministratorPassword Optional System.Security.SecureStringThe AdministratorPassword parameter specifies the initial password that will be created for the tenant administrator.

AuthenticationType Optional Microsoft.Exchange.Data.Directory.AuthenticationTypeThis parameter is reserved for internal Microsoft use.

Confirm Optional System.Management.Automation.SwitchParameter

The Confirm switch can be used to suppress the confirmation prompt that appears by default when this cmdlet is run. To suppress the confirmation prompt, use the syntax -Confirm:$False. You must include a colon ( : ) in the syntax.

CreateSharedConfiguration Optional System.Management.Automation.SwitchParameter This parameter is reserved for internal Microsoft use.

EnableFileLogging Optional System.Management.Automation.SwitchParameter The EnableFileLogging parameter specifies…

ExternalDirectoryOrganizationIdOptional System.Guid This parameter is reserved for internal Microsoft use.

HotmailMigration Optional System.Management.Automation.SwitchParameter This parameter is reserved for internal Microsoft use.

IsDatacenter Optional System.Management.Automation.SwitchParameter This parameter is reserved for internal Microsoft use.

IsDirSyncRunning Optional System.Boolean This parameter is reserved for internal Microsoft use.

IsPartnerHosted Optional System.Management.Automation.SwitchParameter

The IsPartnerHosted parameter specifies that the tenant organization is hosted in a multi-tenancy environment.

If you don't specify this parameter…

PartnerObjectId Optional System.Guid This parameter is reserved for internal Microsoft use.



Error Description







Use the Start-OrganizationUpgrade cmdlet to upgrade a tenant organization after you have upgraded the Hosting organization to a new version of Exchange 2010, such as upgrading from the Beta version to the release version. For more information, see Checklist: Exchange 2010 Build-to-Build Upgrade for Hosting Deployments.

Syntax

Parameters


You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Organization Upgrade" entry in the Hosted Deployment Permissions topic.

Input Types

Return Types

Errors

Examples

EXAMPLE 1

Copy CodeNew-Organization -OrganizationName "Contoso.com" -DomainName "Contoso.com" -Location "en-us" -ProgramId "Business" -OfferId "SmallOrg"


Start-OrganizationUpgrade


��

��

��

��

��

��

��

Start-OrganizationUpgrade -Identity <OrganizationIdParameter> [-AuthoritativeOnly <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-

DomainController <Fqdn>] [-EnableFileLogging <SwitchParameter>] [-IsDatacenter <SwitchParameter>] [-IsPartnerHosted <SwitchParameter>] [-

WhatIf [<SwitchParameter>]]


Identity Required Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter The Identity parameter specifies the identity of the tenant organization.

AuthoritativeOnly Optional System.Management.Automation.SwitchParameter

The AuthoritativeOnly parameter specifies that the tenant domain is an authoritative domain.

You don't have to specify a



EnableFileLogging Optional System.Management.Automation.SwitchParameterThe EnableFileLogging parameter specifies that file logging will be enabled when this command is run. You can view the file logs at the following location:


IsPartnerHosted Optional System.Management.Automation.SwitchParameterThe IsPartnerHosted parameter specifies that the tenant organization is a hosted tenant.



Error Description




EXAMPLE 2




Use the Complete-OrganizationUpgrade cmdlet to complete the upgrade of a tenant organization after you have upgraded the Hosting organization to a new version of Exchange 2010, such as upgrading from the Beta version to the release version.

For more information, see Checklist: Exchange 2010 Build-to-Build Upgrade for Hosting Deployments.

Syntax

Parameters


You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Organization Upgrade" entry in the Hosted Deployments Permissions topic.

Input Types

Return Types

Errors

Examples

EXAMPLE 1




Complete-OrganizationUpgrade


��

��

��

��

��

��

��

Complete-OrganizationUpgrade -Identity <OrganizationIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-

EnableFileLogging <SwitchParameter>] [-IsDatacenter <SwitchParameter>] [-IsPartnerHosted <SwitchParameter>] [-WhatIf [<SwitchParameter>]]


Identity Required Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter The Identity parameter specifies the identity of the tenant organization.



EnableFileLogging Optional System.Management.Automation.SwitchParameterThe EnableFileLogging parameter specifies that file logging will be enabled when this command is run. You can view the file logs at the following location:


IsPartnerHosted Optional System.Management.Automation.SwitchParameterThe IsPartnerHosted parameter specifies that the tenant organization is a hosted tenant.



Error Description




EXAMPLE 2




Use the Get-RecipientEnforcementProvisioningPolicy cmdlet to get information about provisioning policies.

Syntax

Parameters


Recipient enforcement provisioning policies allow you to set and enforce limits on the maximum number of objects that a tenant administrator can create in their tenant organization. You can limit the number of distribution groups, dynamic distribution groups, mailboxes, mail users and mail contacts.

For more information, see Managing Recipient Enforcement Provisioning Policies.


Input Types

Return Types

Errors

Examples

EXAMPLE 1




Get-RecipientEnforcementProvisioningPolicy


��

��

��

��

��

��

��

Get-RecipientEnforcementProvisioningPolicy [-Identity <ProvisioningPolicyIdParameter>] [-DomainController <Fqdn>] [-Organization

<OrganizationIdParameter>]


Identity Optional Microsoft.Exchange.Configuration.Tasks.ProvisioningPolicyIdParameter

The Identity parameter specifies the identity of the provisioning policy. This parameter accepts the following syntax:

"<Organization>\Recipient Quota Policy"

For example, if you want view the policy for Contoso, use the following:

"Contoso\Recipient Quota Policy"

DomainController Optional Microsoft.Exchange.Data.FqdnThe DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that retrieves data from Active Directory.

Organization Optional Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter

The Organization parameter specifies the tenant organization for which you want to view the provisioning policy. This parameter doesn't accept wildcards and you must use the exact name of the organization.

Error Description



This example returns the default information about the recipient provisioning policy for the tenant organization Contoso.com. The default information includes Identity, Scope, and the distribution list count quota.

EXAMPLE 2

This example returns the additional information about the recipient provisioning policy by pipelining the format-list command for all the policy with the identity Contoso\Recipient Quota Policy and pipelines. The additional information includes the default information plus the mailbox count quota, mail-enabled user count quota, contact count quota.



The New-RecipientEnforcementProvisioningPolicy cmdlet is used by the New-Organization cmdlet to create an enforcement policy that limits the number of distribution groups, dynamic distribution groups, mailboxes, mail-enabled users, and mail contacts that a tenant organization can create. This cmdlet reads the information in the organization's service plan to set the limits.

Syntax

Parameters


Recipient enforcement provisioning policies allow you to set and enforce limits on the maximum number of objects that a tenant administrator can create in their tenant organization. You can limit the number of distribution groups, dynamic distribution groups, mailboxes, mail users and mail contacts.


Input Types

Return Types

Errors

Copy CodeGet-RecipientEnforcementProvisioningPolicy -Organization "Contoso"

Copy CodeGet-RecipientEnforcementProvisioningPolicy -Identity "Contoso\RecipientQuotaPolicy" | FL


New-RecipientEnforcementProvisioningPolicy


��

��

��

��

��

��

��

Note: This cmdlet is used by internal tools and although it is available for administrators to bypass the New-Organization parameter, we recommend that you do not run this cmdlet.

New-RecipientEnforcementProvisioningPolicy [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-Organization

<OrganizationIdParameter>] [-WhatIf [<SwitchParameter>]]





Organization Optional Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameterThe Organization parameter specifies the tenant organization for which you want to view the provisioning policy. This parameter doesn't accept wildcards and you must use the exact name of the organization.



Error Description



Examples

EXAMPLE 1

This example updates the recipient enforcement provisioning policy for the organization Contoso.com. The cmdlet will use the settings in the organization's service plan to update the policy settings.



The Remove-RecipientEnforcementProvisinongPolicy cmdlet removes the limits placed on an organization with regards to the number of distribution groups, dynamic distribution groups, mailboxes, mail-enabled users, and mail contacts that a tenant organization can create. When you run the command, organizations that are using this policy will be able to create an unlimited number of distribution groups, dynamic distribution groups, mailboxes, mail-enabled users, and mail contacts.

Syntax

Parameters



Input Types

Return Types

Errors

Examples

Copy CodeNew-RecipientEnforcementProvisioningPolicy -Orgnanization "Contoso.com"


Remove-RecipientEnforcementProvisioningPolicy


��

��

��

��

��

��

��

Note: This cmdlet is only used by Exchange and although it is available for administrators, we recommend that you do not run this cmdlet as it will allow tenant organizations to create an unlimited number of objects.

Remove-RecipientEnforcementProvisioningPolicy -Identity <ProvisioningPolicyIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController

<Fqdn>] [-WhatIf [<SwitchParameter>]]


Identity Required Microsoft.Exchange.Configuration.Tasks.ProvisioningPolicyIdParameter

The Identity parameter specifies the identity of the provisioning policy. This parameter accepts the following syntax: "<Organization>\Recipient Quota Policy".

For example, if you want view the policy for Contoso, use the following: "Contoso\Recipient Quota Policy".






Error Description



EXAMPLE 1

This example removes the recipient enforcement policy from the organization Contoso.



Use the Set-RecipientEnforcementProvisioningPolicy cmdlet to modify the maximum number of objects that can be created in a tenant organization. You can limit the number of distribution groups, dynamic distribution groups, mailboxes, mail users and mail contacts.

Syntax

Parameters



Input Types

Return Types

Copy CodeRemove-RecipientEnforcementProvisioningPolicy -Identity "Contoso\Recipient Quota Policy"


Set-RecipientEnforcementProvisioningPolicy


��

��

��

��

��

��

��

Set-RecipientEnforcementProvisioningPolicy -Identity <ProvisioningPolicyIdParameter> [-Confirm [<SwitchParameter>]] [-ContactCountQuota <Unlimited>] [-DistributionListCountQuota <Unlimited>] [-DomainController <Fqdn>] [-MailboxCountQuota <Unlimited>] [-MailUserCountQuota <Unlimited>] [-R3_Deprecated_DLCountQuota <Unlimited>] [-WhatIf [<SwitchParameter>]]


Identity Required Microsoft.Exchange.Configuration.Tasks.ProvisioningPolicyIdParameter

The Identity parameter specifies the identity of the provisioning policy. This parameter accepts the following syntax: "<Organization>\Recipient Quota Policy".

For example, if you want view the policy for Contoso, use the following: "Contoso\Recipient Quota Policy".


The Confirm switch can be used to suppress the confirmation prompt that appears by default when this cmdlet is run. To suppress the confirmation prompt, use the syntax -

Confirm:$False. You must include a colon ( : ) in the syntax.

ContactCountQuota Optional Microsoft.Exchange.Data.Unlimited

The ContactCountQuota parameter specifies the maximum number of contacts that can be created in the tenant organization. You can specify a number between 0 and X, or you can specify unlimited.

DistributionListCountQuotaOptional Microsoft.Exchange.Data.Unlimited

The DistributionListCountQuota parameter specifies the maximum number of distribution lists that can be created in the tenant organization. You can specify a number between 0 and X, or you can specify unlimited.


MailboxCountQuota Optional Microsoft.Exchange.Data.Unlimited

The MailboxCountQuota parameter specifies the maximum number of mailboxes that can be created in the tenant organization. You can specify a number between 0 and X, or you can specify unlimited.

MailUserCountQuota Optional Microsoft.Exchange.Data.Unlimited

The MailUserCountQuota parameter specifies the maximum number of mail-enabled users that can be created in the tenant organization. You can specify a number between 0 and X, or you can specify unlimited.


The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIfswitch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.



Errors

Examples

EXAMPLE 1

This example sets the maximum number of mailboxes for the tenant organization Contoso to 50,000 mailboxes and the allows the organization to create an unlimited number of contacts.



Use the Update-ServicePlan cmdlet to update tenant organizations from one service plan offering to another service plan offering, or when you update service plan features.

Syntax

Parameters


This cmdlet runs in two modes. The first mode allows you to update the service plan's and update the mailboxes with the new features. The second mode, which runs with the -ConfigOnly switch, updates only the service plan's configuration.

Error Description

Copy CodeSet-RecipientEnforcementProvisioningPolicy -Identity "Contoso\Recipient Quota Policy" -MailboxCountQuota 50000 -ContactCountQuota unlimited


Update-ServicePlan


��

��

��

��

��

��

��

Update-ServicePlan -Identity <OrganizationIdParameter> [-ConfigOnly <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-Conservative

<SwitchParameter>] [-DomainController <Fqdn>] [-EnableFileLogging <SwitchParameter>] [-IsDatacenter <SwitchParameter>] [-IsPartnerHosted

<SwitchParameter>] [-WhatIf [<SwitchParameter>]]

Update-ServicePlan -Identity <OrganizationIdParameter> -OfferId <String> -ProgramId <String> [-ConfigOnly <SwitchParameter>] [-Confirm

[<SwitchParameter>]] [-Conservative <SwitchParameter>] [-DomainController <Fqdn>] [-EnableFileLogging <SwitchParameter>] [-IsDatacenter

<SwitchParameter>] [-IsPartnerHosted <SwitchParameter>] [-WhatIf [<SwitchParameter>]]


Identity Required Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter The Identity parameter specifies the name of the tenant organization.

OfferId Required System.String

The OfferId parameter specifies the OfferID associated with the service plan that is being changed.

You can't use this parameter in conjunction with the ConfigOnly parameter.

ProgramId Required System.String

The ProgramID parameter specifies the ProgramID of the plan that is being changed.

You can't use this parameter in conjunction with the ConfigOnly parameter.

ConfigOnly Optional System.Management.Automation.SwitchParameterThe ConfigOnly parameter specifies that only the service plan configuration will be updated.


The Confirm switch can be used to suppress the confirmation prompt that appears by default when this cmdlet is run. To suppress the confirmation prompt, use the syntax -Confirm:$False. You must include a colon ( : ) in

the syntax.

Conservative Optional System.Management.Automation.SwitchParameter The Conservative parameter specifies


EnableFileLogging Optional System.Management.Automation.SwitchParameter The EnableFileLogging parameter specifies


IsPartnerHosted Optional System.Management.Automation.SwitchParameter

The IsPartnerHosted parameter specifies that the tenant organization is hosted in a multi-tenancy environment.

If you don't specify this parameter…






Input Types

Return Types

Errors

Examples

EXAMPLE 1


EXAMPLE 2



Error Description





Multi Tenant Hosting

Documents

Transcript of Multi Tenant Hosting