Exchange 2010 Multi-Tenancy PowerShell Script

I wrote the following PowerShell script to assist in carving out new Exchange 2010 tenants for additional child domains in our Exchange forest. The script provisions mailbox databases, adds database copies to our DAG hosts, creates separate address lists, global address lists and address book policies, and sets up delegated administration. Before running the script, you need to deploy an AD group for delegated recipient administration; the script prompts for the group name during execution. Also, modification of the script text in red will be necessary for your environment. Hope some of you can take bits and pieces of this script and put it to use!

$EntityName = Read-Host "Entity Name"
$EntityAbbr = Read-Host "Entity Abbreviation"
$EntityFQDN = Read-Host "Entity Fully Qualified Domain Name (EXAMPLE: my.internaldomain.internal)"

<# Carve out Address Lists and Policies #>
# Every list is restricted to the tenant's domain through -RecipientContainer
New-GlobalAddressList "$EntityName Global Address List" -IncludedRecipients MailboxUsers, Resources, MailContacts, MailGroups, MailUsers -RecipientContainer $EntityFQDN
Update-GlobalAddressList "$EntityName Global Address List"
New-AddressList $EntityName -IncludedRecipients MailboxUsers -RecipientContainer $EntityFQDN
Update-AddressList $EntityName
New-AddressList "All $EntityName Rooms" -Container "\$EntityName" -RecipientContainer $EntityFQDN -RecipientFilter {((Alias -ne $null) -and (((RecipientDisplayType -eq 'ConferenceRoomMailbox') -or (RecipientDisplayType -eq 'SyncedConferenceRoomMailbox'))))}
Update-AddressList "All $EntityName Rooms"
New-AddressList "All $EntityName Groups" -Container "\$EntityName" -RecipientContainer $EntityFQDN -IncludedRecipients MailGroups
Update-AddressList "All $EntityName Groups"
New-OfflineAddressBook "$EntityName Offline Address Book" -AddressLists "\$EntityName" -VirtualDirectories "CASSERVER1\OAB (Default Web Site)", "CASSERVER2\OAB (Default Web Site)", "CASSERVER3\OAB (Default Web Site)", "CASSERVER4\OAB (Default Web Site)"
Update-OfflineAddressBook "$EntityName Offline Address Book"
# The address book policy ties the tenant's GAL, room list, OAB and address lists together
New-AddressBookPolicy $EntityName -GlobalAddressList "$EntityName Global Address List" -RoomList "\$EntityName\All $EntityName Rooms" -OfflineAddressBook "$EntityName Offline Address Book" -AddressLists "\$EntityName\All $EntityName Groups"

<# Provision Mailbox Databases #>
[int]$DatabaseCount = Read-Host "Number of Exchange Mailbox Databases to Setup"
$DBC = 0

# Prompt for and provision one database per pass until the requested count is reached
Do {
    $DatabaseName = Read-Host "Database Name"
    # 64-bit integers so that quotas of 2048 MB and above do not overflow when converted to bytes
    [int64]$QuotaWarningMB = Read-Host "Quota Warning (in MB)"
    $QuotaWarningKB = ($QuotaWarningMB * 1024)
    $QuotaWarningBytes = ($QuotaWarningKB * 1024)
    [int64]$QuotaLimitMB = Read-Host "Quota Limit (in MB)"
    $QuotaLimitKB = ($QuotaLimitMB * 1024)
    $QuotaLimitBytes = ($QuotaLimitKB * 1024)
    New-MailboxDatabase $DatabaseName -EDBFilePath "E:\Databases\$DatabaseName.edb" -LogFolderPath "F:\Logs\$DatabaseName" -Server MAILBOXSRV1
    Start-Sleep -s 30
    Mount-Database $DatabaseName
    Set-MailboxDatabase $DatabaseName -ProhibitSendReceiveQuota Unlimited -IssueWarningQuota $QuotaWarningBytes -ProhibitSendQuota $QuotaLimitBytes
    # Add the second copy on the other DAG member and resume it
    Add-MailboxDatabaseCopy -Identity $DatabaseName -MailboxServer MAILBOXSRV2 -ActivationPreference "2"
    Start-Sleep -s 10
    Resume-MailboxDatabaseCopy -Identity "$DatabaseName\MAILBOXSRV2"
    $DBC++
}
While ($DBC -lt $DatabaseCount)

<# Create Delegated Administration Permissions #>

# Split the comma-separated answer into an array of database names for -DatabaseList
$DatabaseList = (Read-Host "Enter database names separated by commas for delegated recipient administration") -split ',' | ForEach-Object { $_.Trim() }
$RecAdmGrpName = Read-Host "Specify the active directory group name to delegate privileges to (EXAMPLE: my.internaldomain.internal/Resources/Rule Groups/EXC_Entity_RecipientAdmins)"
New-ManagementScope "$EntityAbbr Databases" -DatabaseList $DatabaseList
Set-AdServerSettings -RecipientViewRoot "internaldomain.internal"
# Copy the roles of the built-in group into a tenant role group limited to the tenant's database scope
$RoleGroup = Get-RoleGroup "Recipient Management"
New-RoleGroup "$EntityAbbr Recipient Management" -Roles $RoleGroup.Roles -CustomConfigWriteScope "$EntityAbbr Databases" -Members $RecAdmGrpName
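
A post-run check for the delegation step, added here as an example and not part of the original script: it confirms that each role assignment of the tenant role group carries the tenant's database scope, and it surfaces the recipient write scope, which the script leaves at each role's default because it sets only -CustomConfigWriteScope. The function name Test-TenantRoleAssignmentScope, the "ABC" tenant and the sample objects are constructed for illustration.

```powershell
# Added example (not from the original post); runs on PowerShell 2.0 and later.
function Test-TenantRoleAssignmentScope {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Assignment,
        [Parameter(Mandatory = $true)] [string]   $ExpectedConfigScope
    )
    foreach ($a in $Assignment) {
        $findings = @()
        # The script's intent: every assignment is tied to "<abbr> Databases".
        if ([string]$a.CustomConfigWriteScope -ne $ExpectedConfigScope) {
            $findings += "config scope is '$($a.CustomConfigWriteScope)', expected '$ExpectedConfigScope'"
        }
        # Not set by the script: surface organization-wide recipient reach for review.
        if ([string]$a.RecipientWriteScope -eq 'Organization') {
            $findings += 'recipient write scope is Organization'
        }
        New-Object PSObject -Property @{
            Role        = $a.Role
            Assignee    = $a.RoleAssigneeName
            NeedsReview = ($findings.Count -gt 0)
            Findings    = ($findings -join '; ')
        }
    }
}

# Constructed sample objects shaped like Get-ManagementRoleAssignment output.
$sample = @(
    (New-Object PSObject -Property @{
        Role = 'Mail Recipients'; RoleAssigneeName = 'ABC Recipient Management'
        RecipientWriteScope = 'Organization'; CustomConfigWriteScope = 'ABC Databases' }),
    (New-Object PSObject -Property @{
        Role = 'Message Tracking'; RoleAssigneeName = 'ABC Recipient Management'
        RecipientWriteScope = 'Organization'; CustomConfigWriteScope = $null }),
    (New-Object PSObject -Property @{
        Role = 'Distribution Groups'; RoleAssigneeName = 'ABC Recipient Management'
        RecipientWriteScope = 'CustomRecipientScope'; CustomConfigWriteScope = 'ABC Databases' })
)

Test-TenantRoleAssignmentScope -Assignment $sample -ExpectedConfigScope 'ABC Databases' |
    Format-Table Role, NeedsReview, Findings -AutoSize

# On a live system, using the names the script above creates:
# $live = Get-ManagementRoleAssignment -RoleAssignee "$EntityAbbr Recipient Management"
# Test-TenantRoleAssignmentScope -Assignment $live -ExpectedConfigScope "$EntityAbbr Databases"
```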

