Creating Tenants for Exchange 2010 SP2 Multi Tenant

Exchange 2010 SP2 has been released! Sucks for some of us using /hosting since there isn’t really a good migration path other than doing a forest migration. Anyways, SP2 has been released and we get the EMC back, and also some more roles such as the unified messaging role!

Most automation software [as of 1/2/2012] do not support SP2 yet. Some that currently do are ExtendASP, and I believe Machsol will in a couple of weeks. Personally I have not used either.

Anyways you can still separate your tenants manually without using a automation software but it is more complex and requires more steps than Exchange /hosting did. You will have to create multiple address lists and also use custom attributes. You can read the documentation at Download: Exchange 2010 SP2 Multi-Tenant Scale Guidance …

Note: Lync is supposed to be coming out with a hosting pack and requires a specific active directory organizational unit structure to work. I do not have this information so you may want to wait if you plan on deploying Lync Hoster pack with Exchange 2010 SP2.

Here are some things you will need to create:

Removing an Organization (Remove-Organization)

 In order to remove an Organization from Exchange 2010 multi-tenant you must first delete all mailboxes from the organization. You can delete most of them through the ECP (Exchange Control Panel), but you will still be left with the administrator mailbox you are using, DiscoverySearchMailbox, and some others.

First you must find your organization you want to remove. You can do this by typing:

  • Get-Organization

Next you want to remove all mailboxes from the organization. Like I said above you can delete most of them using ECP or you can remove all the mailboxes quickly by typing:

  • Get-Mailbox-Organization"<ORG NAME HERE>"| Remove-Mailbox

Now that all mailboxes are removed you can type this to remove the organization: 

  • Remove-Organization -Identity "<ORG NAME HERE>"

Give it a minute and you should be able to do another Get-Organization and notice that your organization is gone! I took a picture for your viewing pleasure: 


Exchange 2010 SP1 Multi-Tenant (Step 3 of 3)

Configuring Mailflow


Here is the issue. If you use DNS to route your mail then you will have a problem with sending emails between organizations. In order to make this work you must create a send connector that routes the traffic to and from the organizations. Another way to solve this problem is to use a smart host:

New-SendConnector -Name "Internet" -Usage "Custom" -AddressSpaces "SMTP:*;1" -IsScopedConnector $false -SmartHosts x.x.x.x,x.x.x.x -DNSRoutingEnabled $false -SmartHostAuthMechanism "None" -UseExternalDNSServersEnabled $false -SourceTransportServers "Exchange Server"

New Send Connector


Receive Connector:


Now we must tick the Anonymous box on the default receive connector so internet users can send to the Exchange Server:

Set-ReceiveConnector -PermissionGroups 'AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers' -Identity 'LABDCEX\Default LABDCEX'

Receive Connector


Setting External FQDN


Our next step will be to make sure we put the external FQDN on all of the virtual directories.



Exchange 2010 SP1 Multi-Tenant (Step 2 of 3)

Creating New Organizations

Hosted Exchange uses “Service Plans” to control what organizations have access to what features. With service plans you can turn features on or off like POP, MAPI, ActiveSync, and even mailbox sizes. So open Windows Explorer and browse to:

c:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ServicePlans

You will notice that there are sample service plans and CSV files called “ServicePlanHostingRemap”. It is very important you do not use the samples because they can be replaced with updates. Just simply copy a sample and rename it. Then open the HostingRemap file and put in something for the ProgramId and OfferId. The last one is for the name of the filename.

Service Plan

Next you will want to go to the Exchange Shell to create a new organization. So type:


  • $c = Get-Credential
  • New-Organization -Name "My Lab Domain" -DomainName -Location en-US -ProgramId Lab -OfferId 2 -AdministratorPassword $c.password

New Organization



The Parameters:


Exchange 2010 SP1 Multi-Tenant (Step 1 of 3)

Finally Microsoft has came out with Exchange server that could
support multiple organizations without the need of HMC or manually
making changes in ADSIEDIT or Active Directory. I have actually not
used HMC before but found that trying to segregate address list and
GALs manually in Exchange 2007 was a pain.

What is not available

  • Exchange Management Console

  • Public Folders

  • Unified Messaging Server role (can install on different machine)

  • GalSync

  • Federation

  • Business-to-Business features such as cross-premises message
    tracking and calendar sharing

  • IRM

  • Outlook 2003 support

  • Edge Transport Server role

  • Same forest upgrade from Exchange 2007

  • Resource forest

  • Parent-child domains

  • Discontiguous namespace

  • Disjoint namespace

I know that most get upset at the Exchange Management Console not
being available anymore but I find that the shell commands are really
simple and easy (especially with the help of Google and Microsoft
help pages).

You can still easily create new users/mailboxes using the Exchange
Console Panel through OWA. We will get to that in a little bit.

Subscribe to Multi-Tenant