Exchange Mail Relay Connector with SMTP Test via Telnet

Good link for creating the relay connector:
https://www.frankysweb.de/exchange-2016-anonymes-relay-erlauben-5-7-54-unable-relay/

New-Receiveconnector -Server FWEX2016 -Name "Relay" -RemoteIPRange ("172.16.100.102") -TransportRole "FrontendTransport" -Bindings ("0.0.0.0:25") -Usage "Custom"

And the permission to send to external recipients:
English server:
Get-ReceiveConnector "Anonymes Relay FWEX2016" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

German server:
Get-ReceiveConnector "Anonymes Relay FWEX2016" | Add-ADPermission -User "NT-Autorität\Anonymous-Anmeldung" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
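Added example (not from the linked article): an audit that lists every Receive Connector on which the two settings above together allow anonymous relay, and flags RemoteIPRange entries wider than a /24. It assumes an Exchange Management Shell session; connector names are read from the server.

```powershell
# Added example: audit anonymous-relay connectors. Assumes an Exchange Management Shell session.
$relayRight = 'Ms-Exch-SMTP-Accept-Any-Recipient'

foreach ($rc in Get-ReceiveConnector) {
    # Anonymous relay requires BOTH the AnonymousUsers permission group on the connector
    # AND the accept-any-recipient extended right for ANONYMOUS LOGON (the Add-ADPermission above).
    $anonGroup = "$($rc.PermissionGroups)" -match 'AnonymousUsers'
    $anonRight = Get-ADPermission -Identity $rc.Identity | Where-Object {
        "$($_.User)" -like '*ANONYMOUS*' -and
        ($_.ExtendedRights -join ',') -like "*$relayRight*" -and
        -not $_.Deny
    }
    if (-not ($anonGroup -and $anonRight)) { continue }   # not a relay connector, skip it

    foreach ($range in $rc.RemoteIPRange) {
        $r = "$range"
        # Whole-Internet ranges (IPv4 or IPv6) or a prefix shorter than /24 mean that far more
        # than the intended relay hosts can send to any external recipient through this server.
        $wide = ($r -in @('0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')) -or
                ($r -match '/(\d+)$' -and [int]$Matches[1] -lt 24)
        if ($wide) { $finding = 'WIDE RANGE: restrict to the relaying hosts' } else { $finding = 'ok' }
        [pscustomobject]@{
            Server      = $rc.Server
            Connector   = $rc.Name
            RemoteRange = $r
            Finding     = $finding
        }
    }
}
```

The default frontend connector also carries the AnonymousUsers group and the whole-Internet range, but without the extended right it is not reported, which is exactly what keeps it from being an open relay.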

Tests with Telnet on port 25:

  1. EHLO test.example.com
  2. MAIL FROM:<SENDERADDRESS>
  3. RCPT TO:<RECIPIENTADDRESS>
  4. DATA
  5. Subject: Test message
  6. (blank line, press Enter again)
  7. This is a test.
  8. (blank line, press Enter again)
  9. .
  10. QUIT

Or with the PowerShell command in my other posts:
https://www.r-s.ch/powershell-befehle
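The Telnet dialogue above as a PowerShell function, added here as an example (it is not the author's own command from the linked post). It reports whether the server accepted RCPT TO, i.e. whether it would relay for this client and recipient; the server name and addresses in the sample call are constructed placeholders.

```powershell
# Added example: drive the SMTP dialogue over a raw TCP connection and return the replies.
function Test-SmtpRelay {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$From,
        [Parameter(Mandatory)][string]$To,
        [int]$Port = 25
    )
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $reader = New-Object System.IO.StreamReader($client.GetStream())
    $writer = New-Object System.IO.StreamWriter($client.GetStream())
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

    # Multi-line replies use "250-..." continuation lines; the final line has a space after the code.
    function Read-Reply {
        do { $line = $reader.ReadLine(); Write-Verbose "S: $line" }
        while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
        $line
    }
    function Send-Cmd([string]$cmd) { Write-Verbose "C: $cmd"; $writer.WriteLine($cmd); Read-Reply }

    try {
        $banner = Read-Reply
        $null   = Send-Cmd "EHLO test.example.com"
        $mail   = Send-Cmd "MAIL FROM:<$From>"
        $rcpt   = Send-Cmd "RCPT TO:<$To>"
        # RSET instead of DATA: we only want the recipient verdict, not to deliver a message.
        $null   = Send-Cmd "RSET"
        $null   = Send-Cmd "QUIT"
    } finally { $client.Close() }

    [pscustomobject]@{
        Server        = $Server
        Banner        = $banner
        MailFromReply = $mail
        RcptToReply   = $rcpt
        # 250 = recipient accepted (relay permitted for this client);
        # "550 5.7.54 ... Unable to relay recipient in non-accepted domain" = relay denied.
        RelayAllowed  = $rcpt -like '250*'
    }
}

# Constructed sample call. From a host that is NOT in the connector's RemoteIPRange an external
# recipient must be refused (RelayAllowed = False); from 172.16.100.102 it should be accepted.
Test-SmtpRelay -Server mail.example.com -From relaytest@example.com -To someone@external.example -Verbose
```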







Installing Exchange Server 2019

Install prerequisites:
Visual C++: https://www.microsoft.com/de-DE/download/details.aspx?id=40784
UC Runtime: https://www.microsoft.com/en-us/download/details.aspx?id=34992

Windows features via an admin PowerShell:
Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Rename DB:
Set-MailboxDatabase "Mailbox Database 2544738424" -Name "EX13-3"

Move DB and log files:
Move-DatabasePath -Identity "EX13-3" -EdbFilePath "E:\DB\MDB13-3\MDB13-3.edb" -LogFolderPath "L:\Logs\MDB13-3"


Create the Internet connector
Accepted domains
Set the address policy

Set the virtual directories:

$servername = "FWEX2"
$internalhostname = "outlook.frankysweb.de"
$externalhostname = "outlook.frankysweb.de"
$autodiscoverhostname = "autodiscover.frankysweb.de"
$owainturl = "https://" + "$internalhostname" + "/owa"
$owaexturl = "https://" + "$externalhostname" + "/owa"
$ecpinturl = "https://" + "$internalhostname" + "/ecp"
$ecpexturl = "https://" + "$externalhostname" + "/ecp"
$ewsinturl = "https://" + "$internalhostname" + "/EWS/Exchange.asmx"
$ewsexturl = "https://" + "$externalhostname" + "/EWS/Exchange.asmx"
$easinturl = "https://" + "$internalhostname" + "/Microsoft-Server-ActiveSync"
$easexturl = "https://" + "$externalhostname" + "/Microsoft-Server-ActiveSync"
$oabinturl = "https://" + "$internalhostname" + "/OAB"
$oabexturl = "https://" + "$externalhostname" + "/OAB"
$mapiinturl = "https://" + "$internalhostname" + "/mapi"
$mapiexturl = "https://" + "$externalhostname" + "/mapi"
$aduri = "https://" + "$autodiscoverhostname" + "/Autodiscover/Autodiscover.xml"

Get-OwaVirtualDirectory -Server $servername | Set-OwaVirtualDirectory -InternalUrl $owainturl -ExternalUrl $owaexturl
Get-EcpVirtualDirectory -Server $servername | Set-EcpVirtualDirectory -InternalUrl $ecpinturl -ExternalUrl $ecpexturl
Get-WebServicesVirtualDirectory -Server $servername | Set-WebServicesVirtualDirectory -InternalUrl $ewsinturl -ExternalUrl $ewsexturl
Get-ActiveSyncVirtualDirectory -Server $servername | Set-ActiveSyncVirtualDirectory -InternalUrl $easinturl -ExternalUrl $easexturl
Get-OabVirtualDirectory -Server $servername | Set-OabVirtualDirectory -InternalUrl $oabinturl -ExternalUrl $oabexturl
Get-MapiVirtualDirectory -Server $servername | Set-MapiVirtualDirectory -ExternalUrl $mapiexturl -InternalUrl $mapiinturl
Get-OutlookAnywhere -Server $servername | Set-OutlookAnywhere -ExternalHostname $externalhostname -InternalHostname $internalhostname -ExternalClientsRequireSsl:$true -InternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod 'Negotiate'
Get-ClientAccessService $servername | Set-ClientAccessService -AutoDiscoverServiceInternalUri $aduri

Get-OwaVirtualDirectory -Server $servername | fl server,externalurl,internalurl
Get-EcpVirtualDirectory -Server $servername | fl server,externalurl,internalurl
Get-WebServicesVirtualDirectory -Server $servername | fl server,externalurl,internalurl
Get-ActiveSyncVirtualDirectory -Server $servername | fl server,externalurl,internalurl
Get-OabVirtualDirectory -Server $servername | fl server,externalurl,internalurl
Get-MapiVirtualDirectory -Server $servername | fl server,externalurl,internalurl
Get-OutlookAnywhere -Server $servername | fl servername,ExternalHostname,InternalHostname
Get-ClientAccessServer $servername | fl name,AutoDiscoverServiceInternalUri






Important consoles

certlm.msc Certificates of the local computer account
certmgr.msc Certificates of the user account
compmgmt.msc Computer Management
services.msc Services on the local computer
devmgmt.msc Device Manager
diskmgmt.msc Disk Management
eventvwr.msc Event Viewer
lusrmgr.msc Local Users and Groups
taskschd.msc Task Scheduler
virtmgmt.msc Hyper-V Manager
wf.msc Windows Firewall

FSMO Roles

Check FSMO roles:

Open a command line and type:
netdom query fsmo

Transfer the Schema Master role:

The snap-in required for the schema must be registered before it can be used. The command for this, entered at an administrative console on the current operations master (here: dc.lab.dom), is:

regsvr32 schmmgmt.dll

Transfer the RID, PDC and Infrastructure Master roles:

These master roles can be moved via "Active Directory Users and Computers".

Transfer the Domain Naming Master role:

The Domain Naming Master role can be moved via "Active Directory Domains and Trusts".

Transfer roles via PowerShell:

Move-ADDirectoryServerOperationMasterRole -Identity %TARGETSERVERNAME% -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

Or with numbers:
Move-ADDirectoryServerOperationMasterRole -Identity %TARGETSERVERNAME% -OperationMasterRole 0,1,2,3,4

Exchange Log Files

Remove Exchange log files:

Remove old Exchange Log Files article

Command including the Internet Information Services folder, for 14 days:

gci 'C:\Program Files\Microsoft\Exchange Server\V15\Logging','C:\inetpub\logs' -Directory | gci -Include '*.log','*.blg' -Recurse | ? LastWriteTime -lt (Get-Date).AddDays(-14) | Remove-Item

Enable circular logging:

Set-MailboxDatabase {Database-Name} -CircularLoggingEnabled $True
net stop "Microsoft Exchange Information Store"
net start "Microsoft Exchange Information Store"
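Added example (not the linked article's one-liner): the same 14-day selection, but the files are zipped to an archive folder first and only successfully archived files are deleted, so transport and IIS logs remain available for incident investigations. $ArchiveRoot is an assumption; point it at a share that only administrators can write to.

```powershell
# Added example: archive Exchange and IIS logs older than $Days, then delete only what was archived.
param(
    [int]$Days = 14,
    [string]$ArchiveRoot = 'D:\LogArchive',   # assumption: adjust to your archive share
    [switch]$WhatIf
)
$roots  = 'C:\Program Files\Microsoft\Exchange Server\V15\Logging', 'C:\inetpub\logs'
$cutoff = (Get-Date).AddDays(-$Days)

$old = Get-ChildItem $roots -Directory |
    Get-ChildItem -Include '*.log', '*.blg' -Recurse -File |
    Where-Object LastWriteTime -lt $cutoff
if (-not $old) { "Nothing older than $Days days."; return }

New-Item -ItemType Directory -Path $ArchiveRoot -Force | Out-Null
$zip = Join-Path $ArchiveRoot ('exchange-logs-{0:yyyyMMdd-HHmm}.zip' -f (Get-Date))

Add-Type -AssemblyName System.IO.Compression.FileSystem
$zipFile  = [System.IO.Compression.ZipFile]::Open($zip, 'Create')
$archived = @()
foreach ($f in $old) {
    # Keep the original path inside the zip; u_ex*.log names repeat across IIS sites.
    $entry = ($f.FullName -replace '^[A-Za-z]:\\', '') -replace '\\', '/'
    try {
        [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile($zipFile, $f.FullName, $entry) | Out-Null
        $archived += $f
    } catch {
        Write-Warning "Not archived (in use?), left in place: $($f.FullName)"
    }
}
$zipFile.Dispose()

# Delete only what made it into the archive; -WhatIf shows the plan without deleting anything.
$archived | Remove-Item -WhatIf:$WhatIf
'{0} of {1} files archived to {2}' -f $archived.Count, @($old).Count, $zip
```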

PowerShell Commands

Connecting to Office 365:

new module AzureAD:
Install-Module -Name AzureAD

old module MSOnline:
Install-Module MSOnline

$credential = Get-Credential
Connect-MsolService -Credential $credential
Connect-AzureAD -Credential $credential
https://docs.microsoft.com/de-ch/office365/enterprise/powershell/connect-to-office-365-powershell
Office 365 AD Sync commands:
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta
Start-ADSyncSyncCycle -PolicyType Initial
View MAC addresses via PowerShell:
Get-NetAdapter | select name, macaddress | sort macaddress
Send an email via PowerShell command:
Send-MailMessage -SmtpServer IPorMailServerName -To Emailto@xyz.ch -From EmailFrom@xyz.ch -Subject "It's me Ronald" -Body "Send a Test Mail"
Determine the password expiry date via PowerShell command:
https://bent-blog.de/powershell-ablaufdatum-des-eigenen-kennworts-ermitteln/

([System.Security.Principal.WindowsIdentity]::GetCurrent().User).Value | Get-ADUser -Properties Displayname,PasswordLastSet,msDS-UserPasswordExpiryTimeComputed | Select-Object -Property Displayname,SamAccountName,PasswordLastSet,@{Name="ExpirationDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},@{Name="Duration";Expression={$(New-TimeSpan -Start $(Get-Date) -End $([datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed"))).ToString("%d")+" days"}}

Command:
net user %username% /domain

Domain functional level and forest functional level:
Get-ADDomain | fl Name,DomainMode
Get-ADForest | fl Name,ForestMode
Connecting to M365:
https://docs.microsoft.com/de-ch/office365/enterprise/powershell/connect-to-office-365-powershell

Install modules:
Install-Module -Name AzureAD
Install-Module -Name MicrosoftTeams
Install-Module -Name ExchangeOnlineManagement
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

Update the modules, e.g.:
Update-Module -Name ExchangeOnlineManagement

Read the installed version:
Import-Module ExchangeOnlineManagement; Get-Module ExchangeOnlineManagement

Establish the connection:
$UserCredential = Get-Credential
Connect-AzureAD -Credential $UserCredential
Connect-MsolService -Credential $UserCredential
Connect-ExchangeOnline -Credential $UserCredential -ShowProgress $true
Connect-SPOService -Url https://<domainhost>-admin.sharepoint.com -Credential $UserCredential
Connect-MicrosoftTeams -Credential $UserCredential

Optionally also the Skype connection; it can generate warnings:
Import-Module SkypeOnlineConnector
$sfboSession = New-CsOnlineSession -Credential $UserCredential
Import-PSSession $sfboSession

Security & Compliance Center:
$SccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication "Basic" -AllowRedirection
Import-PSSession $SccSession -Prefix cc


Disconnect the sessions cleanly:
Remove-PSSession $sfboSession ; Remove-PSSession $SccSession ; Disconnect-SPOService ; Disconnect-MicrosoftTeams
Check if Modern Authentication is enabled:
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

Configure the Windows time server

How to set Windows Time Service on Windows Server

w32tm /config /manualpeerlist:%DCNAME%.%DOMAIN%.local,ptbtime1.ptb.de,pool.ntp.org,time.windows.com /syncfromflags:manual /reliable:yes /update

Explanation:
syncfromflags:manual -> means: use the manual peer list
reliable:yes -> means: yes = this server itself acts as a time source; no = it is not a time source