Complete guide to configure multi-tenant hosting for Exchange 2007 with ISA 2006 (Part 1)

Published date Wed, 2008-12-10 22:47
Author Wan Ziyang, Triston

Overview

Multi-tenant hosting for Exchange is also referred to as shared hosting for Exchange. There are many ways to achieve it, and one of the solutions most recommended by Microsoft is Hosted Messaging Collaboration (HMC). It is a complete solution, not only for Exchange, but also for SharePoint and Office Communications Server.

However, not every company has the budget to deploy such a complex infrastructure. They might have limited resources, in both hardware and professionals, or they simply have some unique requirements that HMC cannot fulfill.

Therefore a more flexible, though manual, way of deployment is required. That is the purpose of this article.

Solution Overview

solution overview.jpg

This illustration presents a typical multi-tenant setup which provides the major fundamental services, such as Outlook Web Access, Outlook Anywhere, Offline Address Book web distribution and Autodiscover. Each tenant (company) should not be able to see another tenant's Global Address List, or extend its searches or name resolution into another tenant's address book. In other words, tenants are supposed to see only what they are allowed to see.

Below is the infrastructure diagram of a typical setup; I will configure multi-tenancy using this type of setup.

infra.jpg

You may notice that there is no Edge server role or UM server role in this setup, simply because I want to keep this tutorial short and simple, so that anyone will be able to understand the rationale behind the technique and deploy a P.O.C. setup very quickly.

Customer Background

Let's assume Company A and Company B approached my company and wish to sign up for email services but do not want to pay the higher price for dedicated servers. Company A and Company B do not know each other and they are competitors. So the engineer who deploys the setup has to ensure that they can't see each other and that the contacts of each company can't be seen by the other party.

Prerequisites

  1. OS installation needs to be completed.
  2. Exchange Server roles deployment needs to be completed.
  3. The administrator is able to send out and, if possible, receive mail.
  4. ISA server(s) are installed with OS and application.

Environment Setup

1. Create OUs for root hosting directory and customers

1.jpg

2. Add the customers' domain names to the UPN suffixes. This step allows your customers to log in to the common OWA page using their own email addresses.

2.JPG

You need to open the "Active Directory Domains and Trusts" management console, right-click the root level and click "Properties"; you will see the options shown above.

3. Create a global security group for each of your customers under their own OU. Alternatively, you can create a distribution group that your customer will use for a "send to all" function in the future (in Exchange 2007 you should create the distribution group using the Exchange Management Console).

3.JPG

4. Add your customers' public internet domain into the Accepted Domain in your Exchange 2007 setup.

4.JPG

Alternatively, you can achieve that by using the Exchange command shell listed below.

New-AcceptedDomain -Name "Company A" -DomainName "coa.com" -DomainType "Authoritative"

5. Create "Email Address Policy" for all the customers

5.JPG

For my setup, I prefer to use the "Company" attribute as the key to apply the policy. You may wish to use other attribute(s) to define your policy.

6.JPG

7.JPG

This is where you define the email address format you want.

8.JPG

For my setup, I am using "Last name.first name" format.

9.JPG

Select the domain from the list.

10.JPG

11.JPG

Alternatively, you can achieve this by using the command shell.

New-EmailAddressPolicy "Company A EAP" -IncludedRecipients "AllRecipients" -ConditionalCompany "Company A" -Priority "1" -EnabledPrimarySMTPAddressTemplate "SMTP:%g.%1@coa.com"

Here is the definition of the SMTP address format variables: %g = first name, %s = last name, 1 = initial (added after % and before g or s), %m = alias.

6. Create Address List for each of the customers

11.JPG

12.JPG

13.JPG

14.JPG

Alternatively, you can achieve this by using the command shell.

New-AddressList -Name "Company A Address List" -Container "\" -IncludedRecipients "AllRecipients" -ConditionalCompany "Company A"

7. Create Global Address List for the customers

In Exchange 2007, a Global Address List can only be created and modified in the command shell. Below is an example.

New-GlobalAddressList -Name "Company A GAL" -ConditionalCompany "Company A" -IncludedRecipients AllRecipients

8. Create Offline Address Book for the customers

14.JPG

15.JPG

16.JPG

16.JPG

18.JPG

The option to enable public folder distribution is for Outlook 2003 clients. If your customers are using Outlook 2007, the option can be disabled.

19.JPG

20.JPG

Alternatively, you can achieve that by using the command shell.

New-OfflineAddressBook -Name "Company A Offline Address Book" -Server "HAWAII" -AddressLists "\Company A Address List" -PublicFolderDistributionEnabled $true -VirtualDirectories "ALASKA\OAB (Default Web Site)"
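
The e-mail address policy, address list and GAL created above all select recipients by the "Company" attribute, so a user or contact with an empty or mistyped Company value falls outside its tenant's lists. The audit below is an added example, not part of the original article; it is meant to be run in the Exchange Management Shell, and the OU paths are assumptions because the article does not name its OUs.

```powershell
# Added example: audit the Company-based tenant separation set up above.
# Keys are the -ConditionalCompany values used in this article; the OU
# paths are hypothetical and must be replaced with your own.
$tenants = @{
    "Company A" = "example.local/Hosting/Company A"
    "Company B" = "example.local/Hosting/Company B"
}

# 1. Users and contacts inside a tenant OU whose Company attribute is empty
#    or does not match the tenant. They are missed by that tenant's e-mail
#    address policy, address list and GAL, or matched by another tenant's.
$mismatched = @()
foreach ($company in $tenants.Keys) {
    $ou = $tenants[$company]
    $objects = @(Get-User -OrganizationalUnit $ou -ResultSize Unlimited) +
               @(Get-Contact -OrganizationalUnit $ou -ResultSize Unlimited)
    $mismatched += @($objects |
        Where-Object { $_.Company -ne $company } |
        Select-Object @{Name = "Tenant"; Expression = { $company }},
                      Name, Company, RecipientType)
}

# 2. Address lists and GALs that are not filtered on exactly one company.
#    The built-in default lists show up here because they carry no
#    company condition at all.
$unscoped = @(@(Get-AddressList) + @(Get-GlobalAddressList) |
    Where-Object { $_.ConditionalCompany.Count -ne 1 })

# 3. Company conditions that do not correspond to any known tenant
#    (for example a typo in -ConditionalCompany).
$unknown = @(@(Get-AddressList) + @(Get-GlobalAddressList) |
    Where-Object { $_.ConditionalCompany.Count -eq 1 } |
    Where-Object { -not $tenants.ContainsKey([string]$_.ConditionalCompany[0]) })

"Recipients with an empty or wrong Company attribute:"
$mismatched | Format-Table -AutoSize

"Address lists and GALs not scoped to exactly one company:"
$unscoped | Format-Table Name, IncludedRecipients, ConditionalCompany -AutoSize

"Address lists and GALs scoped to an unknown company:"
$unknown | Format-Table Name, ConditionalCompany -AutoSize
```

An empty first and third table means every object in the tenant OUs is picked up by the filters of its own tenant only.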

In the next article, we are going to do the actual configuration that will make the multi-tenant setup work flawlessly.

About Wan Ziyang(Triston)

Wan Ziyang (Triston) is a Sr. Consultant with a system integrator based in Singapore. He has been an MCSE since 2005 and is an MVP in Exchange Server. Triston leads the Singapore MessagingTalk User Group activities, where folks interested in Microsoft messaging technologies gather for learning and networking. He has done several implementations on various versions of Exchange Server. He is also a Red Hat Certified Engineer on EL4.
